Subject: RISKS DIGEST 14.14

Subject: RISKS DIGEST 14.14
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest Weds 2 December 1992 Volume 14 : Issue 14

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Akron BBS trial update! (David Lehrer)
Holiday reading on Risks (Phil Agre)
Re: Books on Probability (Pete Mellor)
FME'93 Call For Participation and Programme (Peter Gorm Larsen)

The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: 02 Dec 92 11:49:08 EST
From: David Lehrer <[email protected]>
Subject: Akron BBS trial update!

Akron BBS trial update: Dangerous precedents in sysop prosecution

You may already know about the BBS 'sting' six months ago in Munroe Falls, OH
for "disseminating matter harmful to juveniles." Those charges were dropped
for lack of evidence. Now a trial date of 1/4/93 has been set after new felony
charges were filed, although the pretrial hearing revealed no proof that *any*
illegal content ever went out over the BBS, nor was *any* found on it.

For those unfamiliar with the case, here's a brief summary to date. In May
1992 someone told Munroe Falls police they *thought* minors could have been
getting access to adult materials over the AKRON ANOMALY BBS. Police began a
2-month investigation. They found a small number of adult files in the
non-adult area.

The sysop says he made a clerical error, causing those files to be overlooked.
Normally adult files were moved to a limited-access area with proof of age
required (i.e. photostat of a drivers license).

Police had no proof that any minor had actually accessed those files so police
logged onto the BBS using a fictitious account, started a download, and
borrowed a 15-year old boy just long enough to press the return key. The boy
had no knowledge of what was going on.

Police then obtained a search warrant and seized Lehrer's BBS system. Eleven
days later police arrested and charged sysop Mark Lehrer with "disseminating
matter harmful to juveniles," a misdemeanor usually used on bookstore owners
who sell the wrong book to a minor. However, since the case involved a
computer, police added a *felony* charge of "possession of criminal tools"
(i.e. "one computer system").

Note that "criminal tool" statutes were originally intended for specialized
tools such as burglar's tools or hacking paraphernalia used by criminal
'specialists'. The word "tool" implies deliberate use to commit a crime,
whereas the evidence shows (at most) an oversight. This raises the
Constitutional issue of equal protection under the law (14th Amendment). Why
should a computer hobbyist be charged with a felony when anyone else would be
charged with a misdemeanor?

At the pretrial hearing, the judge warned the prosecutor that they'd need "a
lot more evidence than this" to convict. However the judge allowed the case to
be referred to a Summit County grand jury, though there was no proof the sysop
had actually "disseminated", or even intended to disseminate any adult
material "recklessly, with knowledge of its character or content", as the
statute requires. Indeed, the sysop had a long history of *removing* such
content from the non-adult area whenever he became aware of it. This came out
at the hearing.

The prosecution then went on a fishing expedition. According to the
Cleveland Plain Dealer (7/21/92)

"[Police chief] Stahl said computer experts with the Ohio
Bureau of Criminal Identification and Investigation are reviewing
the hundreds of computer files seized from Lehrer's home. Stahl
said it's possible that some of the games and movies are being
accessed in violation of copyright laws."

Obviously the police believe they have carte blanche to search
unrelated personal files, simply by lumping all the floppies and
files in with the computer as a "criminal tool." That raises
Constitutional issues of whether the search and seizure was legal.
That's a precedent which, if not challenged, has far-reaching
implications for *every* computer owner.

Also, BBS access was *not* sold for money, as the Cleveland Plain
Dealer reports. The BBS wasn't a business, but rather a free
community service, running on Lehrer's own computer, although extra
time on the system could be had for a donation to help offset some
of the operating costs. 98% of data on the BBS consists of
shareware programs, utilities, E-mail, etc.

The police chief also stated:

"I'm not saying it's obscene because I'm not getting into that
battle, but it's certainly not appropriate for kids, especially
without parental permission," Stahl said.

Note the police chief's admission that obscenity wasn't an issue at the time
the warrant was issued.

Here the case *radically* changes direction. The charges above were dropped.
However, while searching the 600 floppy disks seized along with the BBS,
police found five picture files they think *could* be depictions of borderline
underage women; although poor picture quality makes it difficult to tell.

The sysop had *removed* these unsolicited files from the BBS hard drive after
a user uploaded them. However the sysop didn't think to destroy the floppy
disk backup, which was tossed into a cardboard box with hundreds of others.
This backup was made before he erased the files off the hard drive.

The prosecution, lacking any other charges that would stick, is using these
several floppy disks to charge the sysop with two new second-degree felonies,
"Pandering Obscenity Involving A Minor", and "Pandering Sexually Oriented
Matter Involving A Minor" (i.e. kiddie porn, prison sentence of up to 25
years).

The prosecution produced no evidence the files were ever "pandered". There's
no solid expert testimony that the pictures depict minors. All they've got is
the opinion of a local pediatrician. All five pictures have such poor
resolution that there's no way to tell for sure to what extent makeup or
retouching was used. A digitized image doesn't have the fine shadings or dot
density of a photograph, which means there's very little detail on which to
base an expert opinion. The digitization process also modifies and distorts
the image during compression.

The prosecutor has offered to plea-bargain these charges down to "possession"
of child porn, a 4'th degree felony sex crime punishable by one year in
prison. The sysop refuses to plead guilty to a sex crime. Mark Lehrer had
discarded the images for which the City of Munroe Falls adamantly demands a
felony conviction. This means the first "pandering" case involving a BBS is
going to trial in *one* month, Jan 4th.

The child porn statutes named in the charges contain a special exemption for
libraries, as does the original "dissemination to juveniles" statute (ORC #
2907.321 & 2). The exemption presumably includes public and privately owned
libraries available to the public, and their disk collections. This protects
library owners when an adult item is misplaced or lent to a minor. (i.e. 8
year olds can rent R-rated movies from a public library).

Yet although this sysop was running a file library larger than a small public
library, he did not receive equal protection under the law, as guaranteed by
the 14'th Amendment. Neither will any other BBS, if this becomes precedent.
The 'library defense' was allowed for large systems in Cubby versus
CompuServe, based on a previous obscenity case (Smith vs. California), in
which the Supreme Court ruled it generally unconstitutional to hold bookstore
owners liable for content, because that would place an undue burden on
bookstores to review every book they carry, thereby 'chilling' the
distribution of books and infringing the First Amendment.

If the sysop beats the bogus "pandering" charge, there's still "possession",
even though he was *totally unaware* of what was on an old backup floppy,
unsolicited in the first place, found unused in a cardboard box. "Possession"
does not require knowledge that the person depicted is underage. The law
presumes anyone in possession of such files must be a pedophile. The framers
of the law never anticipated sysops,or that a sysop would routinely be
receiving over 10,000 files from over 1,000 users.

The case could set a far ranging statewide and nationwide precedent whether or
not the sysop is innocent or guilty, since he and his family might lack the
funds to fight this--after battling to get this far.

These kinds of issues are normally resolved in the higher courts-- and *need*
to be resolved, lest this becomes commonplace anytime the police or a
prosecutor want to intimidate a BBS, snoop through users' electronic mail, or
"just appropriate someone's computer for their own use."

You, the reader, probably know a sysop like Mark Lehrer. You and your family
have probably enjoyed the benefits of BBS-ing. You may even have put one over
on a busy sysop now and then.

In this case; the sysop is a sober and responsible college student, studying
computer science and working to put himself through school. He kept his board
a lot cleaner than could be reasonably expected, so much so that the
prosecution can find very little to fault him for.

[The original message from David contained a plea for contributions
for an independent legal defense fund, with any overflow to EFF. RISKS
does not include such solicitations here, so I have excised those
paragraphs. However, if you are interested in further info, you may
of course contact David, or else Mark directly. See below. PGN]

Help get the word out. If you're not sure about all this, ask your local
sysops what this precedent could mean, who the EFF is--and ask them to keep
you informed of further developments in this case. Please copy this file and
send it to whoever may be interested. This case *needs* to be watchdogged.

Please send any questions, ideas or comments directly to the sysop:

Mark Lehrer
CompuServe: 71756,2116 InterNet: [email protected]
Modem: (216) 688-6383 USPO: P.O. Box 275, Munroe Falls, OH 44262

------------------------------

Date: Mon, 30 Nov 92 21:36:53 -0800
From: [email protected] (Phil Agre)
Subject: holiday reading on Risks

Here are two books that subscribers to RISKS may consider reading over the
holiday vacation. Neither one is directly concerned with computers, but both
are deeply concerned with the social management of risk, technological and
otherwise. I think it would be well worthwhile exploring their consequences
for our emerging understanding of computer risks.

Brian Wynne, Risk Management and Hazardous Waste: Implementation and the
Dialectics of Credibility, Berlin: Springer-Verlag, 1987. This book is the
report of a project at the IIASA in Vienna on the politics of regulation of
hazardous wastes. This is a fascinating enough topic on its own, but what's
particularly relevant about this particular study is its attention to the
administrative dimensions of regulation and risk. Wynne et al spell out in
a sophisticated and sustained way an argument already made by Charles Perrow
and others, that "risks" are located not exactly in technologies but in the
institutions (and by extension the larger cultures and social arrangements)
that contain them. This view has many consequences (at least, several more
than I had thought about myself), which Wynne explains with some force.

Lorraine Daston, Classical Probability in the Enlightenment, Princeton:
Princeton University Press, 1988. This is a detailed and scholarly history
of early modern mathematical ideas of probability. Though not really a social
history, it focuses on the developing practices of life insurance, lotteries,
and gambling, tracing the shifting ideas about the morality and rationality
of these things. It was not until the early 19th century, for example,
that insurance ceased to be understood as a variety of gambling. And Daston
explores at length various explanations for the great slowness with which
insurance companies came to use probabilistic models rather than individual
interviews and judgements.

Her central argument, though, concerns the rise of the idea of large-scale
statistical regularities. She says: "Whereas De Moivre took the order
revealed in stable statistical frequencies as incontrovertible evidence that
an intelligent agent was at work in the world, Poisson argued that such order
was only to be expected; we should suspect divine tinkering only when it was
absent. For the mathematicians, the clock no longer implied a clockmaker.
The ascent of statistical regularities ultimately marked the decline of the
reasonable man, as probability theory shifted its sights from the psychology
of the rational individual to the sociology of the irrational masses (page
187)." "Consequently, the targets of persuasion also differed: Quetelet
wanted governments to change their ways on the basis of his figures, not
individuals. But both sorts of probabilistic rationality presupposed the
stable, orderly phenomena that made calculation possible, even if they singled
out different *kinds* of phenomena as quantifiable. Classical probabilists
believed that judicial decisions, but not traffic accidents, were regular;
their successors believed just the reverse (page 385)."

Phil Agre, UCSD

------------------------------

Date: Tue, 1 Dec 92 11:02:29 GMT
From: Pete Mellor <[email protected]>
Subject: Re: Books on Probability (Mellor, RISKS-14.08)

Phil Earnhardt has pointed out that the two books I recommended in RISKS
DIGEST 14.08:

"How to take a chance" by Darrel Huff, and

"Making Decisions", D.V. Lindley, John Wiley & Sons, 2nd Ed., 1985

are not listed in _Books in Print_ in the US.

Thanks for the information, Phil. Both books are fairly old, so may well be
out of print.

The ISBN of Lindley's book is: 0 471 90803 7, in case that helps you to find
it. I bought it through our local university bookshop about 2 years ago, so
I'm surprised that it's out of print, but it's possible.

I don't have a copy of Huff's book to hand, so I can't quote you the ISBN.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: [email protected]

------------------------------

Date: Wed, 2 Dec 1992 14:53:53 GMT
From: [email protected] (Peter Gorm Larsen)
Subject: FME'93 Call For Participation and Programme

The FME'93 Symposium
Industrial-Strength Formal Methods
Call for Participation and Programme
19 - 23 April 1993

Supported by the Commission
of the European Communities (CEC)
Organized by Formal Methods Europe

1. Symposium Programme

The first FME Symposium will be held at Odense Technical College in Denmark,
during the week of 19. to 23. April, 1993. It is being organised by Formal
Methods Europe, as the successor to the last four VDM symposia, to promote the
interests of users, researchers and developers of precise mathematical methods
in program development. This symposium will focus on The Application of
Industrial-Strength Formal Methods.

The symposium is divided into two parts for which registration, symposium fees
and proceedings are separate. The first two symposium days consists of two
parallel tracks with tutorials on formal methods. The last three symposium
days offer presentations of refereed papers, in parallel with presentations of
project experience reports, short presentations of tools and presentations of
European projects dealing with formal methods.

The FME'93 symposium programme features 8 half-day tutorials, 32 papers, 3
invited talks, 6 project reports, 20 tool presentations and exhibitions.

The papers to be presented cover a broad range of interests: among the formal
methods represented are VDM, Z, LOTOS, RAISE, and B. They also come from
different backgrounds, both industry and academia, and from 15 different
countries.

FME'93 will be an intense and important event, and you are advised to submit
your registration as soon as possible.

2. Symposium Sponsors

The symposium would not have been possible without the very kind support and
financial assistance of the associations and corporations listed below:

Scandinavian Airlines System (SAS)
Odense Steel Shipyard Ltd.
Deutsche System Technik
Fyns Telefon
Praxis
Lloyd's Register
DDC International
Space Software Italia
Computer Resources International (CRI)
ICL Data A/S (SUN Division)

3. General Information

Odense:
Odense is Denmark's third largest city in the center of Denmark's
second largest island, the Isle of Funen. Odense celebrated its 1000th
anniversary in 1988, and Danmark's famous fairy-tale writer, Hans Christian
Andersen was born in Odense.
The symposium will be held at Odense Technical College (Odense Teknikum)
which is located 4 kilometers from the center of town.

Special Events:
Tuesday evening there will be a reception at the City Hall where the Mayor
will give a short speech. Wednesday evening there will be a reception at
IFAD. On Thursday evening the symposium banquet is to be held in the
Knights' Hall of Nyborg Castle.

Fee:
We offer you three packages for this symposium:

Tutorial package: 2000 DKK (late registration 2500 DKK)
incl. tutorial material and reception at Odense City Hall.
Conference package: 2800 DKK (late registration 3300 DKK)
incl. conference proceedings, reception at Odense City Hall, reception
at IFAD and the symposium banquet.
Symposium package: 4300 DKK (late registration 4800 DKK)
incl. both tutorial material and conference proceedings, reception at
Odense City Hall, reception at IFAD and the symposium banquet.

All packages in addition contain coffee and cookies at breaks and lunch at
Odense Technical College, local transport to/from hotels and a free
telephone card worth 50 DKK.

If it becomes necessary to cancel a reservation, this must be done in
writing to KongresBureau Fyn before April 1th 1993 to obtain a refund (less
100 DKK). Cancellation after April 1st will incur a 500 DKK administration
charge.

For further information please contact:

KongresBureau Fyn
Raadhuset
DK-5000 Odense C
Denmark
tel: +45 66 12 75 30, fax: +45 66 12 75 86

4. Tutorial Programme (April 19 and 20, 1993)

The two first days of the symposium are dedicated to 8 half-day tutorials on
formal development. The programme is organised into two parallel tracks. The
first track contains 2 tutorials about program development and 2 tutorials
about proving such developments to be correct, and track 2 contains 4 tutorials
about different ways to model parallelism.

Track 1 Functional Programming - Phil Wadler
Data Refinement - Tim Clement
Proof in Z with Tool Support - Roger Jones
Prototype Verification System - John Rushby

Track 2 Coloured Petri Nets - Kurt Jensen
CCS with Tool Support - Kim G. Larsen
LOTOS with Tool Support - Jeroen Schot
Provably Correct Systems - Anders P. Ravn

5. Tools Presentation (Wednesday, April 21, 1993)

During the symposium, exhibitions of tools for the support of formal methods
will be organised. On April 21, in parallel with the conference, a short
introduction to each of the following exhibited tools will be given. ICL Data
are sponsoring the tools exhibition by providing most of the SUN hardware.

DST-fuzz - DST
CADiZ - York Software Engineering Ltd
ProofPower - ICL
The Centaur-VDM environment - CEDRIC-IIE
SpecBox - Adelard
Mural - Manchester University
The IFAD VDM-SL Toolbox - IFAD
The IPTES Tool - IFAD
LOTOS Tools - ITA
Centaur - INRIA
Pet Dingo - NIST
ExSpect - Eindhoven University
Design/CPN - Elektronikcentralen
DisCo-tool - Tampere University
The Boyer-Moore Theorem Prover - CLI
B-Toolkit - B-Technologies SALR
The RAISE Tools - CRI
PVS - SRI
TAV - Aalborg University
FDR - Formal Systems Ltd

6. Invited Speakers (April 21, 22 and 23, 1993)

Each morning during the conference an invited talk will be given by one of the
3 specially invited speakers. These are:

Cliff B. Jones, Manchester University (UK),
Reasoning about Interference in an Object-Based Design Method

Willem-Paul de Roever, Kiel University (D),
Correctness of a Fault Tolerant Algorithm: an application of
Starke's dense time temporal logic for refinement

Peter Lupton, IBM Hursley (UK),
The CICS Experience with Z: Successes and Problems

7. Project Reports (Thursday, April 22, 1993)

In parallel with the April 22 conference sessions, the following project
reports will be presented. Project reports will focus on experiences and
problems encountered in the use of formal methods in real projects.

Specification and Validation of a Security Policy Model (T. Boswell)
Role of VDM(++) in the Development of a Real-Time Tracking and Tracing
System (E. Durr et.al.)
Experiences from Applications of RAISE (B. Dandanell et.al.)
The Integration of LOTOS with an Object-Oriented Development
Method (M. Hedlund)
Towards an Implementation-Oriented Specification of TP Protocol in
LOTOS (I. Widya et.al.)
LOTOS Introduction in a conventional Software Development Life Cycle:
An Industrial Experience (G. Leon et.al.)

8. ESPRIT Project Presentation (Friday, April 23, 1993)

In parallel with the April 23 conference sessions, the following European
projects on formal specification and design will be presented.

SPEC and REACT
DEMON and CALIBAN
LOTOSPHERE
PROOFS
AFRODITE
RAISE and LACOS
IPTES

9. Conference Programme (April 21, 22 and 23, 1993)

* Wednesday, April 21: Cliff B. Jones (invited talk)

Applications of Modal Logic for the Specification of Real-Time
Systems (L. Chen et.al.)
Generalizing Abadi & Lamport's Method to Solve a Problem posed
by A. Pnueli (K. Engelhardt et.al.)
Adding Specification Constructors to the Refinement Calculus (N. Ward)
Real-Time Refinement (C. Fidge)
A Concurrency Case Study using RAISE (C. George et.al.)
A Metalanguage for the Formal Requirement Specification of Dynamic
Systems (E. Astesiano et.al.)
A VDM study of Fault-Tolerant Stable storage towards a Computer
Engineering Mathematics (A. Butterfield)
Automating the Generation and Sequencing of Test Cases from
Model-Based Specifications (J. Dick et.al.)
Maintaining Consistency under Changes to Formal Specifications
(K. Ross et.al.)
The Parallel Abstract Machine: A Common Execution Model for
FDTs (G. Doumenc et.al.)
Putting Advanced Reachability Analysis Techniques Together:
the `ARA' Tool (A. Valmari et.al.)
Process Instances in LOTOS Simulation (S. Pickin et.al.)

* Thursday, April 22: W-P. de Roever (invited talk)

A Proof Environment for Concurrent Programs (N. Brown et.al.)
Encoding W: A Logic for Z in 2OBJ (A. Martin)
On the Derivation of Executable Database Programs from Formal
Specifications (T. Gunther et.al.)
Application of Composition Development Method for Definition of
SYNTHESIS Information Resource Query Language
Semantics (L. Kalinchenko et.al.)
Different FDTs Confronted with Different ODP-viewpoints of
the Trader (J. Fischer et.al.)
Invariants, Frames and Postconditions: a Comparison of the VDM
and B Notations (J. Bicarregui et.al.)
Formal Verification for Fault-Tolerant Architectures: Some
Lessons Learned (S. Owre et.al.)
Verification Tools in the Development of Provably Correct
Compilers (M. Krishna Rao et.al.)
Formal Methods Reality Check: Industrial Usage (D. Craigen et.al.)
The Industrial Take-up of Formal Methods in Safety-Critical
and Other Areas: A Perspective (J. Bowen et.al.)
Selling Formal Methods to Industry (D. Weber-Wulff)

* Friday, April 23: Peter Lupton (invited talk)

Integrating SA/RT with LOTOS (A. van der Vloedt et.al.)
The SAZ Project: Integrating SSADM and Z (F. Pollack et.al.)
Symbolic Model Checking for Distributed Real-Time Systems (F. Wang et.al.)
Model Checking in Practice: the T9000 Virtual Channel
Processor (G. Barrett)
The Frame Problem in Object-Oriented Specifications: An Exhibition
of Problems and Approaches (A. Borgida)
Algorithm Refinement with Read and Write Frames (J. Bicarregui)
Specifying a Safety-Critical Control System in Z (J. Jacky)
An Overview of the SPRINT Method (H. Jonkers)
Conformity Clause for VDM-SL (G. Parkin et.al.)

10. Registration form

Complete and send this registration form before March 1, 1993 to:

KongresBureau Fyn,
Raadhuset,
DK-5000 Odense C,
Denmark.

Registration

Prof [ ] Dr [ ] Mr [ ] Mrs [ ] Miss [ ]

Name: _______________________________________________________
First name: _______________________________________________________
Company: _______________________________________________________
Address: _______________________________________________________
_______________________________________________________
Country: _______________________________________________________
Telephone: _____________________ Telefax: _______________________

Presenter of regular
tool [ ] paper [ ] tutorial [ ] ESPRIT [ ] delegate [ ]

Registration Fee Before March 1 After March 1
=================================================================
Tutorial package DKK 2000 DKK 2500
Conference package DKK 2800 DKK 3300
Symposium package DKK 4300 DKK 4800
=================================================================
Chosen package DKK DKK

[ ] I enclose a banker's cheque in DKK, drawn on a Danish bank, made
payable to FME'93, KongresBureau Fyn.

[ ] Please charge my credit card:
[ ] MasterCard [ ] Eurocard [ ] Visa [ ] JCB [ ] Access
card no. ___________________________________________________
exp. date __________________________________________________

card holders signature _____________________________________

Att. Registration only possible when accompanied by payment of fee.

Accommodation

I would like to reserve:

Cat. single room double room
A [ ] DKK 720 [ ] DKK 890
B [ ] DKK 590-645 [ ] DKK 705-795
C [ ] DKK 300-395 [ ] DKK 430-525

I want to share a double room with: ________________________________

Date of arrival: _________________ Departure: _____________________

Att. Hotel bills are to be handled directly with the hotel. The prices
include breakfast, taxes and service. Reservations will be made in
the order received.

Date: __________________ Signature: ______________________________

------------------------------

End of RISKS-FORUM Digest 14.14
************************