RISKS-LIST: RISKS-FORUM Digest  Wednesday 17 May 1989   Volume 8 : Issue 71

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 American Airlines' reservation system crash (Dave Curry)
 NCIC information leads to repeat false arrest suit (Rodney Hoffman)
 Hacking for a competitive edge (Rodney Hoffman)
 Privacy of SSA records (Marc Rotenberg)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com.  FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to [email protected].
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
 get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
 Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).

----------------------------------------------------------------------

Date: Sat, 13 May 89 18:38:13 -0700
From: [email protected] <Dave Curry>
Subject: American Airlines' reservation system crash

Excerpts from "Travel agents in a holding pattern after airline ticket computer
stalls", San Jose Mercury News, 5/13/89 (reprinted from N.Y. Times):

 "The nation's largest airline computer reservation system, American
Airlines' Sabre, inadvertently shut down for almost 12 hours Friday,
disrupting the operations of about 14,000 travel agencies nationwide.  A
large portion of American itself was left without information about who was
booked on flights and whether seats were available, and the airline was
forced to revert to writing tickets by hand to serve tens of thousands of
travelers.  American said, however, that there were no major disruptions of
its 2,300 daily flights.
 The computer shutdown was one of the longest for what has been considered
one of the airline industry's most reliable reservation systems.  [....]
John Hotard, manager of corporate communications for American, said the
Sabre system, housed in an underground bunker-like building in Tulsa, OK,
failed shortly after midnight Friday while workers at the computer center
were installing additional disk drives as part of a system expansion.
 Service was not restored until noon Friday, he said.  But some travel
agencies said their terminals did not resume functioning until one or two
hours after that.  Apparently, no information about reservations and other
travel plans was lost during the failure.   [....]
 Hotard said the problem with the computer system was a failure in its
software.  He said the part of the American computer system that handles
flight operations -- like crew scheduling, fuel loads and weight loads on
American's fleet of airplanes -- was not affected, so flight operations were
not disrupted."

   [The system has EIGHT IBM 3090-200 E mainframes, designed to survive
   ordinary hardware malfunctions.  This appears to be a software
   upgrade screwup that downed the whole system.  PGN]

------------------------------

Date: 14 May 89 17:36:59 PDT (Sunday)
From: Rodney Hoffman <[email protected]>
Subject: NCIC information leads to repeat false arrest suit

An article by James Rainey in the 'Los Angeles Times' 12-May-89 reports
that Roberto Perales Hernandez has been jailed twice in the last three
years as a suspect in a 1985 Chicago residential burglary.  The authorities
confused him with another Roberto Hernandez due to a single entry in the
FBI's National Crime Information Center computer.

The two Roberto Hernandezes are the same height, about the same weight, have
brown hair, brown eyes, tattoos on their left arms, share the same birthday,
and report Social Security numbers which differ by only one digit!

The falsely imprisoned man has filed suit charging the Hawthorne (CA)
Police Dept., Los Angeles County, and the state with false imprisonment,
infliction of emotional distress, and civil rights violations stemming from
the most recent arrest last year.  He had previously received a $7,000
settlement from the county for holding him 12 days in 1986 before realizing
he was the wrong man.  In the latest incident, he was held for seven days
then freed with no explanation.

------------------------------

Date: 14 May 89 17:39:06 PDT (Sunday)
From: Rodney Hoffman <[email protected]>
Subject: Hacking for a competitive edge

From the 'Los Angeles Times' 12-May-89:

  Two former Tampa, FL TV news managers have been charged with illegally
  tapping into phone lines and computers at another station to gain a
  news edge over their competitors.  Former news director Terry Cole and
  assistant news director Michael Shapiro at WTSP-TV have been charged
  with 17 counts of computer hacking and conspiracy in the theft of
  information from WTVT-TV through computer phone lines, authorities
  said.  Their arraignment is set for May 19.  If convicted, each could
  face a maximum prison sentence of 85 years.  The two were fired from
  WTSP when the station learned of the alleged thefts.  The break-ins
  began in November but were not noticed until Jan. 12, when WTVT's
  morning news producer noticed that files were missing, authorities
  said.  Computer experts determined that an intruder had rifled the
  files.  Authorities said Shapiro knew WTVT's security system thoroughly
  because he had helped set it up while working there as an assignment
  manager before being hired away from WTVT in October.

I have no idea what sort of charge "17 counts of computer hacking and
conspiracy in the theft of information" really is.

------------------------------

Date: Sat, 13 May 89 11:11:49 -0700
From: [email protected]
Subject: Privacy of SSA records (update on RISKS-8.70)

Two clarifications regarding the item in RISKS-8.70 on the record exchange
involving the Social Security Administration and TRW:

 - The proposed transfer of the social security records to TRW came to an
   end after the plan was disclosed at an April hearing of the Senate
   Committee on Aging.

 - The primary concern expressed by members of Congress was the privacy
   violation, not the cost to SSA.  Senator Pryor said that he was glad the SSA
   had "seen fit to preserve the confidentiality of the Social Security files.
   Unfortunately," he said, "this action comes too late to protect some 150,000
   people whose files were violated in a test run conducted for TRW [in 1987]
   and for more than 3 million people on whom verifications were conducted for
   Citibank and other firms in past years."  The HHS Inspector General also
   described these activities as "the largest breach of privacy in the history
   of the program."

As a matter of privacy law, the plan violated a general provision in the
1974 Privacy Act which states that no agency should disclose any record
unless it obtains the consent of the record subject or a particular
exemption applies.  (None applied in this case).

Some attorneys within SSA were not convinced that the language in the
Privacy Act was dispositive, but a decision of the Supreme Court a month
before the Senate hearing affirming the privacy of computerized criminal
records stored by the federal government tipped the balance in favor of
stopping the program.
                                       - Marc Rotenberg

------------------------------

End of RISKS-FORUM Digest 8.71
************************