Subject: RISKS DIGEST 14.15
REPLY-TO:
[email protected]
RISKS-LIST: RISKS-FORUM Digest Monday 7 December 1992 Volume 14 : Issue 15
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Similar But Different User Interfaces and Traces of Memory (Tom Swiss)
Name Confusion and Democratic Concept of Limited Government (Roy G. Saltman)
Re: Police and Database [name confusion with twist] (Alan (A.G.) Carter)
Toronto Stock Exchange Virus Scare (Shyamal Jajodia)
Re: Akron BBS trial update! (Phil Karn)
Risks of children using BBSes (Re: Akron BBS ..) (Michael P. Deignan)
Lost Technology (A. Padgett Peterson)
Re: Computer theft from GP's; encryption is not a cure-all (Julian Thomas)
Turn Signals (John Sullivan)
Estimating risks (Jerry Leichter)
Revenge via computer (Thomas Dzubin)
Re: Risk reduction: Human Factors (Chris Norloff)
Flood Stories (Lindsay F. Marshall)
Re: holiday reading on Risks (Gary McClelland)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to
[email protected], with relevant, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to
[email protected].
Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to
[email protected]).
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Thu, 3 Dec 92 16:37:13 -0500
From:
[email protected] (Tom Swiss (not Swift, not Suiss, Swiss!))
Subject: Similar But Different User Interfaces and Traces of Memory
I recently learned a hard lesson about the risks of superficially similar
user interfaces. Most of the time I use GNU Emacs for editing, but my home PC
is too low-powered top run the DOS version with acceptable alacrity, so I
usually use Multi-Edit for files on my PC.
Now, when you exit GNU Emacs with C-x C-c, it prompts you to save the
file you've been working on, like so:
Save file /path/filename? (y or n)
And when you exit Multi-Edit with Alt-X, it prompts you to save the file
you've been working on, something like:
FILE NOT SAVED! Exit?
Yes No Save file and exit
There's a superficial similarity in that both programs ask for
confirmation before exiting with unsaved files, but the Emacs confirmation
confirms saving, while the Multi-Edit confirmation confirms exiting. So to
exit and save changes under Emacs, it's C-x C-c y; to exit and save changes
under Multi-Edit, it's Alt-X s. It should come as no surprise that my fingers
got ahead of my brain and I ended up exiting my Multi-Edit session with Alt-X
y, and lost about an hour's worth of work.
Ah! But all was not lost. For I knew, that somewhere in my PC's RAM,
large portions of my file might still be waiting. I immediately ran a small
utility program called Corelook, and searched the memory for character strings
that might be from my file. I wrote them down on a handy pad of paper, and
between what I recovered from my PC's memory and what I dug out of my memory,
I re-assembled the file.
But what if this hadn't been _my_ file to start with? Open PC labs are
becoming more and more common on university campuses. Assume I was an
unscrupulous computer science student. Pretend I saw a classmate working on a
project in one of these open labs. When he was finished, I might just grab the
PC he was using and search its RAM for anything that might be of interest. If
the PC is running Windows, or any other program that uses virtual memory,
looking at disk used for swap space could also prove very interesting.
Or, for those who are in the habit of leaving their PCs on at work 24
hours a day, after-hours snooping in your machine's RAM by a corporate spy
disguised as a mild-mannered custodian could give your competition a few clues
about what you're up to.
RISKS has seen some recent discussion of the use of supposedly deleted
files on a disk; it's worth remembering that what's left in your RAM might be
interesting to others as well.
- Tom Swiss /
[email protected]
------------------------------
Date: Fri, 4 Dec 1992 11:50:02 -0500 (EST)
From:
[email protected] (Roy G. Saltman)
Subject: Name Confusion and Democratic Concept of Limited Government
Two correspondents, Don Norman and Jerry Leichter, have indicated their
sympathy with the police in the situation of a Canadian citizen who was
confused by the police with another person of the same name. Specifically,
they indicated sympathy for the statement of the police representative who
said the onus was upon the victim to change his name so as to avoid confusion.
While it would be prudent for the victim to modify his name for governmental
as well as for commercial and other non-governmental purposes, he has done
nothing wrong. In the U.S. specifically, and possibly in other democratic
countries such as Canada, the individual is innocent until proven guilty, and
government is the servant of the people, not the reverse. While there may be
extenuating circumstances that could absolve the police, we have statutes
providing compensation for false arrest and for violations of civil rights.
Certainly, the two individuals with the same name lived at different
locations, had different appearances, had different families and friends,
engaged in different occupations or worked at different locations, and had
different (Canadian equivalents of our) social security numbers. In this
country, it is up to government agencies to get it right; it is not required
of an innocent victim to do anything except obey current law.
An activity for which personal identification is essential is voter
registration. If the bill on this subject passed by Congress in its previous
session had become law (it was successfully vetoed by President Bush), the
driver's license would have become the fundamental voter identification and
registration document. Persons would have been required to register to vote
when they obtained or renewed their driver's license unless they *declined in
writing,* a fundamental shift in attitude about the concept of citizen
participation in voting. As this bill is very likely to be introduced in the
new Congress, I may revisit this subject in the near future.
[Don Norman will also. He has prepared a lengthy response to many of
the contributions that have come in recently, but which have not appeared
in RISKS. It will follow in a special double issue of RISKS. PGN]
------------------------------
Date: Thu, 3 Dec 1992 11:36:00 +0000
From: "Alan (A.G.) Carter" <
[email protected]>
Subject: Police and Database [name confusion with twist]
There was an interesting case in the UK in the mid-80s. The Data Protection
Act (DPA) had recently come into force, providing persons whose details were
stored in databases (known as Data Subjects) with certain rights.
A woman applied for a job with a local Council. She thought she was ideally
suited and was surprised to be turned down. Her friend who already worked for
the Council investigated for her and found that for the job concerned, the
Council made a routine check with the Police National Computer (PNC). We don't
want criminals in certain positions of trust. The PNC had claimed that she had
been convicted for shoplifting.
The woman had no criminal record, so she sent her nominal fee to the PNC
people and asked for her record. It was the record of another person with
the same name, who had been convicted in the 1960s. As she had been denied
employment on the basis of the false statement made about her, she decided
to take the PNC people to court and obtain compensation, as allowed for in
the DPA.
Then the Police lawyers came out with a wondrous bit of sophistry. Data
Subjects are indeed entitled to compensation for losses caused by
mis-representation of their records, but in this case, the woman was not a
Data Subject. The other woman, with a criminal record, was a Data Subject, but
our heroine had no criminal record. As she was not a Data Subject she could
not have been mis-represented, and was entitled to no compensation.
The Police won the case.
------------------------------
Date: Fri, 04 Dec 92 15:21:20 EST
From: Shyamal Jajodia <
[email protected]>
Subject: Toronto Stock Exchange Virus Scare
The following report has been paraphrased from the EDPACS Newsletter for
January 1993:
InformationWeek reported that someone described as a disgruntled former
employee of the Toronto Stock Exchange telephoned a local TV station newsroom
and claimed that he had placed a computer virus in the exchange computer
system due to activate at 9-30 the following morning. An all night search of
the system did not reveal any infection, and trading proceeded on the
following trading day without interruption.
This risk is similar to the risk of bomb scares on flights. Seems that all
systems vulnerable to threats that cannot be detected without considerable
work are vulnerable to the risk of false alarms.
Shyamal Jajodia
------------------------------
Date: Thu, 3 Dec 92 01:29:24 -0800
From:
[email protected] (Phil Karn)
Subject: Re: Akron BBS trial update!
I couldn't have invented a better reason to encrypt EVERYTHING on one's
computer system than this. It's sad that it would ever be necessary, but until
civilization matures a little more I don't see much of an alternative.
The law is at present an awfully unreliable safeguard of one's right to
personal privacy. Even when one wins (is acquitted) one almost always loses -
in lost time, personal anguish, diminished reputation and, of course, legal
fees.
I agree with John Gilmore -- I have far more confidence in the ability of
physics and mathematics to protect my privacy than in laws passed by a
government that can violate or ignore them at will.
Phil
------------------------------
Date: Fri, 4 Dec 1992 21:09:40 -0500 (EST)
From:
[email protected] (Michael P. Deignan)
Subject: Risks of children using BBSes (Was: Re: Akron BBS trial update!)
In a previous posting, we read how a BBS sysop was being "unjustly" accused of
various crimes.
Just to balance things out, I would like to refer to the following articles:
This first article appeared in the Providence Journal Bulletin in April 1991.
(Sorry, I don't have the exact date.)
"Computer Guru faces Sex Counts
Networks Abuzz Over Charges Against Bulletin Board Czar
By Christopher Rowland
Journal Bulletin Staff Reporter
Warwick - Michael P. Labbe reigned as a kind of supreme talk-show host for
Rhode Island's home-computer buffs, allowing thousands of hobbyists to
communicate electronically through an array of equipment in his basement.
But Labbe's network crashed last week, when police arrested him and an
associate and charged them with sexually assaulting two teenage brothers
whom he befriended using his computer.
The arrest has left the state's largest computer "bulletin board" in tatters,
crippling a popular source for computer enthusiasts of technical information,
business news, computer-game updates and gossip.
It also has stunned Labbe's subscribers, who have engaged in a steady
electronic discussion of the allegations on various alternative bulletin
boards.
Labbe, 25, and Jeffrey L. Whitman, 23, were released on bail after a bail
hearing yesterday in Superior Court. They had been held at the
Adult Correctional Institute since their April 15 arrest.
Labbe's system, established in 1984, was shut doen after his arrest. It was
revived yesterday after his release, but without its crucial link to a
national and international information network.
Labbe and Whitman are charged with first- and third-degree child
molestation. Authorities allege that Labbe molested the youths during 1989,
1990, and 1991. Whitman is charged with molesting them in 1990.
Authorities said Labbe first contacted the two boys, ages 16 and 14, through
his computer bulletin board, the "Eagle's Nest" - so dubbed because Labbe was
active in Boy Scouts as a North Providence High School student and achieved
the rank of Eagle Scout.
Warwick police said the victims were frequent visitors to Labbe's house,
which visitors described as being an electronic showcase."
[...The article then goes on with testimonials about "what a good boy" he was
and how "shocked" the interviewees are at the charges...]
Well, time passed. Until a few months ago, nobody knew what happened. That
is, until this story was published:
"Warwick Man Sentenced On Felony Morals Charge
(no byline)
Warwick - A founding member of one of the state's largest computer bulletin
board networks received a seven-year suspended sentence after pleading no-
contest this week to a felony morals charge involving two teenagers whom
he befriended using his computer.
Michael P. Labbe, 26, of Warwick was sentenced Thursday after reaching a
plea agreement with the attorney general's office. The victims, who were
15 and 16 at the time of the offense, were present in the courtroom and
had agreed with the sentence.
Labbe and Jeffrey L. Whitman of Cranston were each arraigned in District
Court in April 1991 on charges of first-degree child molestation and third-
degree sexual assault. First-degree child molestation, which carries up to
life in prison, involves children 14 years or younger.
When the case was sent to the Superior Court, the attorney general's office
amended the charges to a felony morals offense, which carries a maximum
10-year sentence. Whitman pleaded no-contest to the same charges last fall
and also received a seven-year suspended sentence.
Labbe founded his computer bulletin board "Eagle's Nest" and contacted the
victims through the network. The network, which Labbe operated with Whitman,
was the oldest and largest bulletin board in Rhode Island and was geared
to general hobbyists and teenagers.
As part of the plea agreement, both men were ordered to undergo counseling
and to have to contact with either of the boys."
This case was depicted by many people on the local BBS scene as an attempt
to "taint" Labbe's image, as part of an attempt by other BBS sysops who
were "jealous" of him to 'take over BBSing in Rhode Island'. However, in
the long run we see that in fact this wasn't the case, that Labbe did
indeed engage in questionable activity with these underage boys, and
eventually pleaded guilty to reduced charges to avoid a prison term.
The Risks in the case are numerous. First, as a parent, you should know
what your children are doing, especially on computer bulletin board systems.
Second, Mike Labbe and the Eagle's Nest BBS is still a participating member
of the RIME network. As Eagle's Nest BBS caters primarily to the under-age
teen user, and the controlling members of the RIME network are aware that
Labbe pleaded guilty to the charges, clearly they continue to support him
and his 'actions'.
In a nutshell, it is important to read beyond the hype and disinformation
which is presented by both sides of the issue and get down to the truth of
the matter.
Michael P. Deignan
[email protected] ...!uunet!rayssd!anomaly!mpd
Telebit +1 401 455 0347
[Excuse me for noting it here, but mole-station is one of the classic
mishy-phenations, along with works-tation and times-tamp, and reminds
me to request that you all try to avoid sending me stuff with rampant
autohy-phenations. It makes routine reformatting really ugly. PGN]
------------------------------
Date: Fri, 4 Dec 92 11:30:39 -0500
From:
[email protected] (A. Padgett Peterson)
Subject: Lost Technology
Some time ago I was made aware of a company that was developing a
software-based session encryption package that would allow remote dial-up
users to authenticate both ends of the connection and prevent eavesdropping by
a simple wiretap. At the time my opinion was that it was something that a
great many companies and agencies needed.
With the current proliferation of "wireless LANs" the danger becomes even
acute since a physical connection is unnecessary for capture of traffic.
One of the real advantages of the system was that it was purely software based
making it much more portable and potentially far less expensive than hardware
devices.
Recently, I found that the development of the product had ceased from a lack
of funds. It seemed that the FBI wiretap proposals had given their sponsor
cold feet.
It is particularly bothersome since the proliferation of error correcting
modems has removed the only real barrier to full session encryption (line
noise causing loss of synch).
With all of the RISKS of bringing to market a fully featured software product
(actually developing the driver is not that difficult, it is the user
interface, compatibility testing, and quality control that really adds up in
time and effort), we must now add intimidation of the backers to the list.
Padgett
ps for anyone who might be interested, the company is CRYPTECH in Jamestown,
New York (716)484-0244. I have no other knowledge of the company besides
having seen the demo.
------------------------------
Date: Thu, 3 Dec 92 11:13:42 EST
From:
[email protected] (Julian Thomas)
Subject: Re: Computer theft from GP's; encryption is not a cure-all
I share your concern about the risk, but it is far too easy to get complacent
about the protection afforded by encryption since the medical community isn't
apt to be as sophisticated as members of the computing community when it comes
to password security (selection of good passwords, not writing them down,...).
The human element is normally the weak link in cases like these; it might be
easier to subvert an office worker for a key than for a medical record itself.
To be effective, a records encryption scheme would need to be both powerful
(ideally using different keys for different records), easy to use (so it
doesn't make the job of the legitimate users significantly more difficult),
and robust (resistant to subversion by either malice or ignorance). I have
often used a diskette file (that can be separately physically secured) to load
a password (or set of keys) into memory on system startup; other schemes will
undoubtedly come to mind.
If the thefts are for the equipment, not the data, today, it may not be too
long before the thieves find it profitable to pass the equipment on to the
professional blackmailers rather than the usual fencers of hot equipment.
Snailmail: 83DA/988 IBM DSD Kingston Compuserve: 72355,20 MCIMAIL: 173-6393
<Alternative EMail address,
[email protected] may not work...>
------------------------------
Date: Thu, 3 Dec 92 22:17:06 CST
From:
[email protected]
Subject: Turn Signals
Seeing a couple of postings from Don Norman in a recent RISKS reminds me that
I haven't seen mention of his book(s) here. I got a copy of "Turn Signals are
the Facial Expressions of Automobiles", a collection of essays on the
interaction of technology and society, a few months ago, and found it so
engaging that I lost sleep reading it in one night. I haven't read his
earlier book "The Design of Everyday Things".
Norman's essays touch on topics like misleading user interfaces (on things
as simple as doors), the trend towards experiencing life through recordings,
low-tech fixes for confusing airplane cockpits, the estimation of low-
probability risks, and the ramifications of international computer
networks. Of course, this is not an exhaustive list.
Addison Wesley: ISBN 0-201-58124-8 (I got my copy through Library of Science)
-John Sullivan,
[email protected]
------------------------------
Date: Sat, 5 Dec 92 07:54:46 EDT
From: Jerry Leichter <
[email protected]>
Subject: Estimating risks
This Wednesday through Friday mornings (2-Dec through 4-Dec), NPR's Morning
Edition ran an extended story on environmental problems and the present and
future of the EPA and environmental laws. Unfortunately, I only caught the
tail ends of two of the segments.
Of particular interest to this group - and I wish I'd heard the whole thing! -
was Thursday's segment. At least the part I did hear discussed the problem of
tradeoffs: With limited resources, how do we decide which risks are the ones
most important to deal with? Much of the discussion centered on a question
that has been recently discussed in RISKS: Is "the common man" competent to
answer such questions in a rational way? The answer of the people they spoke
to was basically, "yes". As has been discussed here, people do not look only
at probabilities in deciding the importance of various risks; but they do
follow an understandable, not at all arbitrary, procedure.
One interesting study they cited: If asked to rank the "danger of death" from
a variety of causes, such as (say) smoking or driving, people come up with an
ordering that does not match the probabilities of death from those causes.
However, if the same people are asked to rank the "CHANCES of death", they
produce the "correct" ranking. The "incorrect" ranking is not based on
ignorance!
I seem to recall seeing messages from someone on NPR in RISKS. Anyone out
there who could get a transcript of this segment for RISKS readers?
Jerry
------------------------------
Date: Sun, 6 Dec 92 11:28:07 PST
From:
[email protected] (Thomas Dzubin)
Subject: Revenge via computer
San Francisco. A man sent his ex-wife (who had apparently asked him to
retrieve some inaccessible files) a computer diskette that destroyed her
entire hard disk, including software and manuscripts, and then displayed a
vengeful limerick. James Welsh, a 32-year-old accountant has pleaded not
guilty to three counts of "introducing a virus" into the computer. He could
face three years in prison if convicted. Welsh's ex-wife, writer Kathleen
Shelton, said she had a problem with a computer they formerly owned together.
Welsh apparently sent her a computer disk with instructions for correcting the
trouble. Police said, "She followed Welsh's instructions, which resulted in
the destruction of approximately $8,000 worth of software and manuscripts,
leaving only a limerick explaining Welsh's actions against her."
"A lying bitch named Kathleen,
Made in the courts quite a scene.
To have her ex, the hacker,
Enjoined not to smack her,
So I wiped her whole hard disk clean."
Detectives searched Welsh's home, seized $4,000 worth of computer hardware and
allegedly found evidence of the "virus". Welsh's lawyer, Annette Lombardi,
said: "There's not as much damage as charged. It's basically the cost of
getting a guy to fix the computer and install new software." [Presumably a
DIFFERENT GUY this time..., maybe someone who can write poetry that scans.]
[Source _The Province_ Vancouver, B.C. Canada, plus the San Francisco
Chronicle, 4 Dec 1992, edited by PGN]
------------------------------
Date: Mon, 7 Dec 92 11:27:41 EST
From:
[email protected]
Subject: Risk reduction: Human Factors (Moonen, RISKS-14.03)
Ralph Moonen (
[email protected]) writes in RISKS-14.03 that he's concerned
about making concessions during design. He includes human factors as a
concession, when it is, in fact, a prime design requirement in most systems.
After all, humans operate most of the systems we design!
I'm a human factors engineer, and have seen incredibly bad designs built to
meet schedule or performance requirements, with no regard to the human
operators. People are part of the system, not merely users. And just because
a designer can operate a system doesn't mean a typical user can operate a
system. This has been proven time and time again. And the lesson has not
been learned yet. Just reading through RISKS provides many examples of poor
user design: bad interfaces, mental models foreign to current users, and
systems not meeting users' needs.
Systems, including computer systems, must be designed with the human as the
main enabling part of the system. The system should take advantage of humans
strength and not overload human weaknesses.
Mr. Moonen's comment that they will see better products by following his
points, but that he hasn't "touched the subject of user interaction"
illustrates the problem: designers are designing for themselves rather than
for the users.
Chris Norloff
[email protected]
------------------------------
Date: Thu, 3 Dec 92 16:49:31 GMT
From: Lindsay F. Marshall <
[email protected]>
Subject: Flood Stories
A while ago I asked for people's stories relating to computers and floods (not
just of water - molten metal featured in one). Since then, I am sure new
readers have joined and new floods have happened, so if you haven't sent me
your flood story before can you please send it to me now.
[email protected] +44-91-222-8267 FAX +44-91-222-8572
Computing Laboratory, The University, Newcastle upon Tyne, UK NE1 7RU
------------------------------
Date: Thu, 3 Dec 1992 08:50:58 -0700
From:
[email protected] (Gary McClelland)
Subject: Re: holiday reading on Risks (Agre, RISKS-14.14)
>Lorraine Daston, Classical Probability in the Enlightenment, Princeton:
>Princeton University Press, 1988. This is a detailed and scholarly history
>of early modern mathematical ideas of probability.
I second the recommendation for reading Daston's histories. For those with
limited time, I recommend as a shorter course this wchapter:
Daston, L. J. The domestication of risk: Mathematical probability
and insurance 1650-1830. In L. Kruger, L. J. Daston, & M.
Heidelberger (Eds.), The probabilistic revolution: Volume 1.
Ideas in history (pp. 237-260). Cambridge , MA: MIT Press, 1987.
It is interesting to look back and see the probabilists scratching their heads
trying to understand the boneheadedness of both users and designers of
insurance systems (e.g., the Bank of England almost went broke by selling
lifetime annuities at a fixed price _not_ conditional on age). I think
readers of RISKS often scratch their heads in the same way trying to
understand the boneheadedness of both users and designers of computer systems.
The good news is that the insurance companies finally got it right with
respect to probability. The bad news is that it took a long time and required
some fundamental shifts in thinking about probability and uncertainty. RISKS
readers may therefore find some lessons in Daston's work on what must occur
before designers and users of computing systems (ironically, of course, the
insurance companies are now big users) more appropriately deal with the risks
of computing. Alas, the Bank of England was near bankruptcy before they wised
up so the message may not be comforting.
gary mcclelland, univ of colorado
[email protected]
------------------------------
End of RISKS-FORUM Digest 14.15
************************
