Subject: RISKS DIGEST 14.76

Subject: RISKS DIGEST 14.76
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest Tuesday 20 July 1993 Volume 14 : Issue 76

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Earthquake `early' warning system (Bill Owens)
DSS as a stamp tax (Mark Seecof)
Privacy report in Canada (Mich Kabay)
Remote Control Car Locks (David Plumpton)
Airline entertainment systems - a true captive audience (Jon Leech)
Re: Strasbourg A320 crash: "Pilot Error" (Flint Pellett)
Re: Medical Reimbursements (Dan Yurman, Amos Shapir, Bob Frankston)
ATM Fraud/Databases/Ouch! (Russ Smith [2])
CFP94 (George Trubow via Willis Ware)
Science and Technology Through Science Fiction Workshop (Miquel Barcelo)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its
Usenet counterpart. Undigestifiers are available throughout the Internet,
but not from RISKS. Contributions should be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to [email protected], with appropriate, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 14 Jul 1993 22:02:28 -0400 (EDT)
From: Bill Owens <[email protected]>
Subject: Earthquake `early' warning system

The latest Scientific American has a short piece in the Science and the
Citizen department titled 'Fast Moves: Instant earthquake analysis may beat
the waves' (August 1993, pp. 22-24). The primary topic is a system being
developed at the California Institute of Technology which attempts to analyze
seismological data immediately upon receipt, locating the quake and providing
information to interested parties within minutes or even seconds. To achieve
this, they are building a network of seismological labs in southern
California. They appear to be thinking about the risks:

Fast-analysis systems like the one at Harvard need not worry about small
errors, because "they're not intended to support emergency operations...
CUBE [the network] cannot afford to make mistakes"

But the real danger becomes apparent from the first paragraph of the article:

...researchers may soon be able to anticipate the effects of an initial
tremor, enabling railroads to stop or slow their trains and permit [sic]
elevator systems to halt at the nearest floor.

While that sort of automatic response would have the potential to be very
helpful, it's obviously worrisome. Unfortunately, the system appears to
require automation to achieve sufficiently fast response time. It would seem
to be a difficult problem to not only analyze tremors without false alarms,
but to predict damage well enough to activate only those safety measures
necessary...
[email protected]
Bill Owens, 727 Elmwood Avenue, Rochester, NY 14620 716/275-9120

------------------------------

Date: Tue, 20 Jul 93 17:05:57 -0700
From: Mark Seecof <[email protected]>
Subject: DSS as a stamp tax

Many people raised in the U.S. are unfamiliar with general stamp taxes. We
know about excise taxes (e.g., liquor) with payment evidenced by stamps, and
tax stamps to validate specific documents (e.g., hunting licenses). But (to
my perhaps inadequate knowledge) the U.S. hasn't had a general stamp tax since
the War of Independence. England had one years ago... most signatures on
receipts for money or bills of sale were invalid unless scrawled across
postage stamps. England still imposes stamp taxes on some business
transactions, e.g., transfer of real property.

NIST's proposal to "license" the DSS to PKP, forcing "the rest of us"
including all who wish to transact business with the U.S. government to pay
PKP every time we sign something digitally amounts to the imposition of a
general stamp tax. Worse, it is a tax imposed by the government for the
benefit of private persons (those who are paid by PKP).

Attempts by George III's government to impose various stamp taxes on American
colonists 200-odd years ago fueled revolutionary sentiment among them...

------------------------------

Date: 15 Jul 93 10:02:09 EDT
From: "Mich Kabay / JINBU Corp." <[email protected]>
Subject: Privacy report in Canada

A report in the Globe and Mail newspaper in Canada (Wed, 14 July 1994; #44801,
page 1) by Geoffrey York of the Parliamentary Bureau is entitled "Privacy
report warns of `Big Brother' computer; Linked government databases called
ominous." Here is a summary.

The Canadian federal government's privacy commissioner, Bruce Phillips,
submitted a report warning that electronic data interchange among
government computers could bring Orwellian Big Brother consequences to
society. The government is proposing to establish booths where residents
could transact government business; however, users would have to provide
personal identification numbers, photographs, and fingerprints to be
permitted to use these booths.

The commissioner is concerned about the routine exchange of private
information among people "whose right to the information is, at best,
debatable." He also criticized the growing use of electronic surveillance
and monitoring in the workplace. He urged Canadians to push for broader
privacy rights and guidelines to control government use of electronic
networks.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn.

------------------------------

Date: Thu, 15 Jul 1993 13:48:44 +1000
From: [email protected] (David Plumpton)
Subject: Remote Control Car Locks

There was an article on the news the other night featuring a rather homemade
looking device that a man had purchased for A$150 in Malaysia. This gizmo
records and then transmits the codes that unlock car doors (or garages etc). A
thief loiters around with the device set to receive as somebody is leaving
their expensive looking car. When a remote control is used to lock the car,
the signal is picked up and recorded by the device. The car owner wanders
off, thinking that the car is secure. The thief sets the device to transmit,
and hey presto the car unlocks itself for the thief.

Such an elegant and simple idea; I'm surprised that it took this long for
someone to think of it (I certainly didn't). [*] The Australian police want
the device made illegal (possession of it, I guess). What's the bet that the
police will have legal use of it, though. Looks like pretty soon, remote
controls will need time-stamped encryption techniques...

[* Remember the movie *WarGames*, and the door-control touch-tones beaten
by a record-and-playback attack? It's an old form of vulnerability for
fixed authenticators. However, remember that even one-time tokens may be
compromised if they are not properly incorporated into the system. PGN]

------------------------------

Date: Tue, 20 Jul 93 14:23:27 -0400
From: Jon Leech <[email protected]>
Subject: Airline entertainment systems - a true captive audience

An article "Bottom Line Key In Video Systems" (Aviation Week, July 19,
1993, page 53) describes upcoming per-seat interactive video systems which
will be eventually be installed in many aircraft. The last paragraph touches
on privacy concerns:

"On-board passenger entertainment systems also offer airlines a powerful
marketing research tool. Master control unit software can be modified to
log passenger viewing habits and game use. Inventory records can be
adjusted automatically as meals and beverages are served. Passengers
also can be asked to provide selected demographic data."

This is similar to the credit-card supermarket checkout systems, with the
added bonus (for the airline) that they know just who is sitting in every seat
- even the fact that someone *doesn't* watch TV will be noted.

Not that this seems like a significant privacy concern. But it's bad
enough that we have to put up with advertisements for the airline blasting
out of the speakers and garrulous twits who rattle away on Airphones in the
next seat, without new annoyances such as this.

Jon ([email protected])

------------------------------

Date: 9 Jul 93 14:22:04 GMT
From: [email protected] (Flint Pellett)
Subject: Re: Strasbourg A320 crash: "Pilot Error" (Mellor, RISKS-14.74)

> The conclusion on the cause of the accident is "pilot error".

More of a user-interface design error, if you ask me. If you overload a
person with things to do and input to consider to the point where they can no
longer keep up, it is hardly reasonable to simply brush it off as "human
error" when they fail to keep up.

This particular risk is one in which I think more computerization ought to be
possible, and even good. A computer in the cockpit ought to be able to
monitor the fact that "we're dropping 1100 m/s and we're only at 1500 m
altitude" (along with quite a number of other things as well), prioritize
potential problems, and then issue a verbal warning to the pilots if any
problem gets life threatening like this. (Hopefully before it is too late to
do anything.) The frequency of warnings are critical of course: if it cries
"wolf" too often, it will get ignored.

Flint Pellett, Global Information Systems Technology, Inc., 100 Trade Centre
Drive, Suite 301, Champaign, IL 61820 (217) 352-1165 [email protected]

------------------------------

Date: Thu, 15 Jul 93 10:30:03 PDT
From: Dan Yurman <[email protected]>
Subject: System Dynamics of Medical Reimbursements

SYSTEM DYNAMICS OF MEDICAL REIMBURSEMENT PROBLEMS

Sanford Sherizen ([email protected]) writes in Risks Digest 14.75 regarding
the risks of incomplete management processes as well as faulty computer
systems regarding medical reimbursement systems. The emphasis is more on the
dynamics of the system than any particular computer risk.

1st: many physician practices "offload" their entire billing operation to
service bureaus. 2nd: these service bureaus earn a fee for timely payment
regardless of source, e.g., the patient or his/her insurance carrier. 3rd:
some group practices, and large practices like HMOs, offer their service
bureaus incentives for timely turnaround on receivables as well as penalties
for failure to produce.

This creates an incentive for the service bureau to aggressively bill both the
patient and the insurance carrier and worry about sorting out double payments,
if at all, later on. The reinforcing loop for the service bureau is to churn
payments as fast as possible regardless of source. The more quickly their
doctor customers get paid, the more robust their incentive fee. From a
systems perspective there is no balancing loop to insure integrity in the
service bureau's records with regard to the source of the payment, only that
an amount has been tallied and the client physician office has covered its
receivables.

The service bureau cheerfully "offloads" the issue of reconciling mistakes in
the source of payment to the patient. Their view is that patients will "know"
and have "proof" that the bill for service has been covered. Here is tiny
(pop. 45,000) Idaho Falls, ID, we have one such service bureau which exactly
follows this model of aggressive practice in double billing the patient and
the insurer. Further, there is an long lag (60+ days) in reconciling payments
from insurers with copayments from patients.

Complaints to the provider have little effect. Once billing is offloaded to
the service bureau, there is no one left in the doctor's office who is able,
besides the doctor, to deal with the problem. As long as he/she is getting
paid, the doctor has no special interest in patient billing problems with the
service bureau. Typically, the doctor's office computer system is tied in
directly to the service bureau. When the doctor looks at the system, the
accounts are ok, and problems of double billing to the patient are invisible.

Patients have an opportunity to create a balancing loop if it is external to
the doctor/service bureau system. Patients could form a consumer action
organization which would intervene on their behalf, privately and publically,
with service bureaus and their customers. The annual cost to a patient, e.g,
on the order of $25/year, would be cost effective when compared to the average
annual health bill of a family of four, e.g, $2,000-3000/year at a minimum.

Insurance companies, which are probably also fed up with aggressive double
billing from service bureaus, might have an incentive to support such
organizations. This would be especially true for those employers who
self-insure and hire companies like Mutual of Omaha or Prudential to simply
process the paperwork. The reference to these firms is for example purposes
only, and is not intended to imply any connection to service bureau practices.

Dan Yurman, PO Box 1569, Idaho Falls, ID 83403 [email protected]
[email protected]

------------------------------

Date: Sun, 18 Jul 1993 17:02:38 +0300
From: Amos Shapir <[email protected]>
Subject: Re: Medical Reimbursements and Computer Glitches

This indeed may be quite common - an almost exactly identical incident
happened to me -- about 10 years ago. It seems the lab bill is
handled separately, and the lab computer (or their collection agency's
computer) is not informed that the bill has been paid.

Amos Shapir, The Hebrew Univ. of Jerusalem, Dept. of Comp. Science.
Givat-Ram, Jerusalem 91904, Israel [email protected] Tel: +972 2 585706

------------------------------

Date: Wed, 14 Jul 1993 23:50 -0400
From: [email protected]
Subject: Re: Medical Reimbursements and Computer Glitches

I've long tried to track medical insurance payments. It isn't easy. In this
example the user relied on the lab to assure that there records were correct
and become aware of a specific case where they were probably wrong and
followed through.

In general, however, each component system is designed in isolation with no
thought being given to auditability on the part of the user. There are lots
of uncorrelated pieces of paper mailed around with payments in varying
amounts according to arcane rules going to various parties including the
patient. The insurance companies seem to have some concept of medical events
in an attempt to avoid double payments. But there is never a summary so the
user can understand what is happening without collecting every slip of paper
into one central set of records that correspond to the insurance company's
representation.

One particular offender locally is Newton-Wellesley Hospital where each
entity seems to be a separate corporation that does its own billing for each
aspect of each procedure for combination of locations. This is compounded by
having multiple members of a family with slightly differing names. And then
there are lab tests...

Simple ideas like replacing bills that contain a single amount past do with
summaries of payments and events and some common identification of events
would go a long way. Such a system would be in the interest of the insurance
agents as a way to discover errors and fraud.

In the meantime, I'll continue to use standard system methodology. Whenever
things are confused let things quiesce. Don't pay bills until the insurance
company and the doctors have had their chance to go around a few times and
then take a guess at whether what remains to be paid is appropriate.

------------------------------

Date: Mon, 19 Jul 93 13:14:30 EDT
From: [email protected] (Russ Smith)
Subject: ATM Fraud/Databases/Ouch!

To extend the much-trod ATM-fraud path...

My MasterCard number was recently used to fraudulently make $8000
worth of ATM cash advances over a 4 day period. Seems that the number
itself was obtained via some standard illegal route which by now has
undoubtedly been discussed (just the number was obtained, not the card
itself) thus will not be addressed further in this note.

Much more interesting, however, was how my PIN was obtained, allowing
the perpetrators of the fraud to use a fake MasterCard in an ATM 4
times a day, 4 days in a row, $500 each time...

Seems a written request for change-of-address was received by my
Credit Union (backers of the MasterCard); this change was processed
sometime on Wednesday, July 7th. The request included all sorts of
identity-confirming information such as date of birth, social security
number, and my mother's maiden name. The address was changed to a
Brooklyn NY apartment (I live in a single-family house in Virginia).

IN THE SAME LETTER a request was made for a copy of the PIN for the MasterCard
(not unusual for people to forget a PIN and request it again). The PIN, the
most important secret piece of information for the card, was dutifully mailed
off to the fraudulent address in Brooklyn.

Starting Monday, the 12th, the fraudulent cash advances were made from
two different Brooklyn banks' ATMs.

Upon finding out about the fraud (tried to use the card myself and was
declined for the first time in my life), I immediately called every financial
institution I do business with -- fortunately, they all require some crucial
bit of information for phone account manipulations (like a mother's maiden
name...), send a change-of-address notice to BOTH the new AND old addresses,
and won't send money/crucial info to the NEW address for 30 days.

Hope YOUR financial institutions protect your PINs as well...

Oh yeah, one more thing...on calling my MasterCard Service Center I was told
that requests for PINs are handled by regenerating the same PIN and mailing it
off to the address -- the SAME PIN is -always- regenerated (not just
retrieved) from the same MasterCard #; if you want a DIFFERENT PIN, you have
to get an entirely new MasterCard number...hmmm...

Russ <[email protected]>

------------------------------

Date: Tue, 20 Jul 93 10:41:44 EDT
From: [email protected] (Russ Smith)
Subject: ATM Fraud/Databases/Ouch!, Part II

After many calls and faxes I've found out a little more about the mechanisms
behind ATM transactions and the fraudulent use of a MasterCard number of mine.

It turned out that the previously-related fraud was done using an
EXPIRED MasterCard number to withdraw cash from an ATM machine, not my
current MasterCard number. When the request for both the
change-of-address and the PIN number came via a letter, an old EXPIRED
MasterCard number was used (had expired more than a month earlier).
The change-of-address and PIN number for the expired card were
processed and sent off to the fake address The perpetrators then used the
expired card number and its PIN number to make the cash advances.

How is it possible to use an EXPIRED card to make $8000 in cash advances?

It's possible because the ATM's verification center ONLY checks if the
card number is on a list of STOLEN/LOST cards. If the card is not
stolen/lost, the verification center then performs a verification
check of the information FROM THE CARD ITSELF, not from some other
database.

So the perpetrators just wrote a new expiration date on the magnetic
stripe of their fake card; the ATM verification center verified that
the date hadn't yet passed and that was that.

Russ "Cancelled Credit" <[email protected]>

------------------------------

Date: 14 Jul 93 11:04:30 CST
From: [email protected] (George Trubow, John Marshall Law School)
Subject: CFP94 (Sent to RISKS via Willis Ware)

Conference Announcement and Call for Papers
Computers, Freedom, and Privacy 1994
23-26 March 1994

The fourth annual conference, "Computers, Freedom, and Privacy," will be
held in Chicago, Il., March 23-26, 1994. This conference will be jointly
sponsored by the Association for Computing Machinery (ACM) and The John
Marshall Law School. George B. Trubow, professor of law and director of the
Center for Informatics Law at The John Marshall Law School, is general
chairman of the conference.

The series began in 1991 with a conference in San Francisco\Burlingame,
and subsequent meetings took place in Washington, D.C. and again in San
Francisco\Burlingame, in successive years. Each conference has addressed a
broad range of issues confronting the "information society" in this era of the
computer revolution.

The advance of computer and communications technologies holds great
promise for individuals and society. From conveniences for consumers and
efficiencies in commerce to improved public health and safety and increased
knowledge of and participation in government and community, these technologies
are fundamentally transforming our environment and our lives.

At the same time, these technologies present challenges to the idea of a
free and open society. Personal privacy is increasingly at risk from
invasions by high-tech surveillance and monitoring; a myriad of personal
information data bases expose private life to constant scrutiny; new forms of
illegal activity may threaten the traditional barriers between citizen and
state and present new tests of Constitutional protection; geographic
boundaries of state and nation may be recast by information exchange that
knows no boundaries as governments and economies are caught up in global data
networks.

Computers, Freedom, and Privacy '94 will present an assemblage of
experts, advocates and interested parties from diverse perspectives and
disciplines to consider the effects on freedom and privacy resulting from the
rapid technological advances in computer and telecommunication science.
Participants come from fields of computer science, communications, law,
business and commerce, research, government, education, the media, health,
public advocacy and consumer affairs, and a variety of other backgrounds. A
series of pre-conference tutorials will be offered on March 23, 1994, with the
conference program beginning on Thursday, March 24, and running through
Saturday, March 26, 1994.

The Palmer House, a Hilton hotel located at the corner of State Street
and Washington Ave. in Chicago's "loop," and only about a block from The John
Marshall Law School buildings, will be the conference headquarters. Room
reservations should be made directly with the hotel, mentioning The John
Marshall Law School or "CFP'94" to get the special conference rate of $99.00,
plus tax.
The Palmer House Hilton
17 E. Monroe., Chicago, Il., 60603
Tel: 312-726-7500; 1-800-HILTONS; Fax 312-263-2556

Call for Papers and Program Suggestions

The emphasis at CFP'94 will be on examining the many potential uses of
new technology and considering recommendations for dealing with them.
Specific suggestions to harness the new technologies so society can enjoy the
benefits while avoiding negative implications are solicited.

Proposals are requested from anyone working on a relevant paper, or who
has an idea for a program presentation that will demonstrate new computer or
communications technology and suggest what can be done with it. Any proposal
must: state the title of the paper or program; describe the theme and content
in a short paragraph; set out the credentials and experience of the author or
suggested speakers; and should not exceed two pages. If an already completed
paper is being proposed for presentation, then a copy should be included with
the proposal.

Student Papers and Scholarships

It is anticipated that announcement of a student writing competition for
CFP'94 will be made soon, together with information regarding the availability
of a limited number of student scholarships for the conference.

Timetables

Proposals for papers and programs are being accepted at this time. It is
intended that program committees will be finalized by August 1, 1993.
Proposals must be received by October 1, 1993.

Communications

Conference communications should be sent to:

CFP'94
The John Marshall Law School
315 S. Plymouth Ct.
Chicago, IL 60604

(Voice: 312-987-1419; Fax: 312-427-8307; E-mail: [email protected])

------------------------------

Date: Thu, 15 Jul 1993 14:24:18 UTC+0100
From: Miquel Barcelo <[email protected]>
Subject: STSF WORKSHOP

CALL FOR PAPERS
SCIENCE AND TECHNOLOGY THROUGH SCIENCE FICTION
workshop next summer in Barcelona, Spain (22nd and 23rd, June 1994)

This will be the first edition of such a Workshop. If you know more
people that could be interested, please help in making this information
available by forwarding this message.

If you need more information, please feel free to contact
[email protected], Dr. Miquel Barcels, Software Department - UPC
Pau Gargallo, 5, E 08028 BARCELONA (Spain)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

First Announcement and CALL FOR PAPERS
STSF '94

An International Workshop on
SCIENCE and TECHNOLOGY through SCIENCE FICTION
22nd-23rd June 1994 - BARCELONA (Spain)

Organized by CONSELL SOCIAL (Board of Trustees)
of Universitat Polithcnica de Catalunya (UPC)

in cooperation with:
Software Department (UPC)
Physics and Nuclear Engineering Department (UPC)
WORLD SF (Hispanic Chapter)

THE WORKSHOP

A good working definition of science fiction is "speculative
extrapolation about the effect of science and technology on society".
The aim of this International Workshop is to provide a forum for identifying,
encouraging and discussing research about science and technology, or their
consequences, as portrayed in science fiction. The Workshop will bring
together researchers, scientists, and other academics with science fiction
professionals to share information and explore new ideas about the
relationship between science fiction, science and technology.

TOPICS OF INTEREST
The topics of interest include but are not limited to:
- Biotechnology, genetic engineering
- Computer science, robotics, artificial intelligence
- Macroengineering
- Nanotechnology
- Physics, astronomy, cosmology
- Professional activity of scientists and engineers
- Social impact of science and technology
- Teaching science and technology with science fiction

PROGRAM COMMITTEE

* Miquel Barcels (Software Dept., UPC, SPAIN)
* Joe Haldeman (SFWA president, M.I.T. Associate Professor, USA)
* Elizabeth A. Hull (SFRA past-president, USA)
* Frederik Pohl (SFWA and WSF past-president, USA)
* Vernor Vinge (Dept. of Math Sciences, SDSU, USA)

ORGANIZING COMMITTEE

* Miquel Barcels (Software Dept., UPC)
* Laura Cabarrocas (Board of Trustees (secr.), UPC)
* Gay Haldeman (Writing Program, M.I.T.,USA)
* Pedro Jorge (Hispanic Chapter of WORLD SF)
* Jordi Josi (Physics and Nuclear Engineering Dept., UPC)
* Louis Lemkow (Sociology Dept., UAB)
* Manel Moreno (Physics and Nuclear Engineering Dept., UPC)

INSTRUCTIONS TO AUTHORS

Paper submissions must be in English and no more than 6000 words long. The
Proceedings of the Workshop will be published by the organizing institution.
Authors are requested to submit a "Letter of Intention" with the title of the
paper and a short abstract (less than one page) before November 30, 1993.
Authors must submit five copies of each paper, before January 31, 1994, to
the Program Chairperson: Miquel Barcels
Facultat d'Inform`tica
Universitat Polithcnica de Catalunya
Pau Gargallo, 5
E 08028 BARCELONA (Spain)
Tel: 34.3.401.6958
Fax: 34.3.401.7113
E-mail: [email protected]

IMPORTANT DATES

* Deadline for Letter of Intention: November 30, 1993
* Deadline for Paper Submission: January 31, 1994
* Notification of Acceptance: March 15, 1994
* Camera Ready Papers Due: April 30, 1994
* Workshop: June, 22-23, 1994

------------------------------

End of RISKS-FORUM Digest 14.76
************************