FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED
SYSTEMS
ACM Committee on Computers and Public Policy, Peter G.
Neumann, moderator
Contents: [CLEAN-UP OF BACKLOG. *END* OF SOME OF THE Re:
SUBJECTS?]
Palo Alto library computer system calamity (PGN)
Computer errors in Spanish elections (Miguel Gallardo)
Seattle Hackers Fined (Dave Weingart)
Re: Flight control computers 'to bypass pilots' (Timothy
Buchanan)
Across the Computer Divide (Marty Leisner)
The Internet is international (Frederick Roeber)
Re: Whitehouse mail (Marcus J Ranum)
Re: Grassroots vs. Astroturf Movements (Max Stern)
Re: French Fry Robots! (Hugh JE Davies)
Re: Citibank ATM risk (Jerry Hollombe, Dave Weingart, Greg Brail)
Re: Cryptography, Free Speech, and so on (Carl Ellison)
Re: Clipper (Dave Banisar)
Re: Health effects of VDTs (correction) (Kenneth R Foster)
Re: Errors in the correction of the error (Bruce Limber, BillV)
Re: What's in it for the grocer? (Geraint Jones, David Carroll,
Mike Olson,
Brad Hicks)
The RISKS Forum is a moderated digest discussing risks;
comp.risks is its
Usenet counterpart. Undigestifiers are available throughout the
Internet,
but not from RISKS. Contributions should be relevant, sound, in
good taste,
objective, cogent, coherent, concise, and nonrepetitious.
Diversity is
welcome. CONTRIBUTIONS to [email protected], with appropriate,
substantive
"Subject:" line. Others may be ignored! Contributions will not
be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET
FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to
[email protected].
Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login
anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO
digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory;
"bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" =
"128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username,
password.
For information regarding delivery of RISKS by FAX, phone
310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to
[email protected]).
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL
DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of
regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state
otherwise.
Date: Sat, 12 Jun 93 11:24:09 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: Palo Alto library computer system calamity
On 13 May 1993, the computer system used by the Palo Alto
Library's six
branches began to make a few small errors in processing requests.
The staff
considered the errors not too serious at that time. However, by
22 May, the
problems had escalated seriously, and the service folks were
called in.
The system is an eight-year-old Ultimate System from Honeywell.
Only used or
reconditioned replacement parts are available. Unfortunately,
the replacement
parts turned out to be lemons, which further aggravated the
situation. As a
backup, the staff resorted to a read-only file that tells only
what books the
library owns, but not what is supposedly on the shelves.
Consequently, all
book-borrowing transactions had to be done by hand, while no
returned books
could be reshelved. A power surge on 25 May did further damage
to the system,
and on the 26th, the system was shut down completely for another
week.
Finally, the system was available again on 2 June, although
considerable effort
had to be devoted to processing the accumulation of returned
books before
operations returned to normal.
[Source: an article by Rufus Jeffris in the Palo Alto Weekly, 9
June 1993,
p. 11]
------------------------------
Date: Fri, 11 Jun 1993 14:21:14 UTC+0200
From: "(Miguel Gallardo)" <[email protected]>
Subject: Computer errors in Spanish elections
On 6th of June several Spanish cities and towns had too high
number of people
that could not vote because their name were not in the right
list.
In Spain, Instituto Nacional de Estadistica (INE) is responsible
for computing
and updating the polling lists.
As the election was nation wide, these mistakes did not change
any parliament
member. However, next election will be a local one, and it seems
that INE will
not perform better, it will be much more difficult to explain to
the people
why they will not have the chance to change their majors.
Miguel A. Gallardo Ortiz, PX86 Engineer UNIX&C freelance working
on RSA crypto
P.O. Box 17083 - E-28080 Madrid (Spain) Tel: (341) 474 38 09 -
FAX: 473 81 97
[email protected] President of APEDANICA (Spanish Legal
Computer Crime
Research Association) ASOCIACION PARA LA PREVENCION Y ESTUDIO DE
DELITOS
ABUSOS Y NEGIGENCIAS EN INFORMATICA Y COMUNICACIONES AVANZADAS
------------------------------
Date: Fri, 11 Jun 1993 09:20:36 -0500
From: [email protected] (the person your mother warned
you about)
Subject: Seattle hackers fined (from Reuters via the NYTimes)
I found this little piece buried in the NYTimes, 11 June 1993.
No real
mention is made of what the "hackers" (I suppose the word will
never be
rescued) did. Is anyone on RISK familiar with the details?
And you have to wonder, given the size of notebook computers, and
the ease of
purchasing and storing them secretly, how the last clause
mentioned could
possibly be enforced.
COMPUTER HACKERS ARE GIVEN FINES AND 5 YEARS' PROBATION
SEATTLE, June 10 (Reuters) -- Two hackers who illegally
infiltrated the
computer systems last fall at the Boeing Company and the United
States
District Court here were each sentenced to five years of
probation and 250
hours of community service, a clerk at the court said Wednesday.
Magistrate David Wilson also ordered the two Seattle residents,
Charles
Anderson and Costa George Katsaniotis to pay a combined $30,000
in
restitution. Boeing, which said at the time that none of its
systems or data
had been damaged by the unauthorized access, will get $28,000 of
the fine and
the court $2000 to defray costs of changing security and checking
files. "As
part of the probation they're not allowed to own a computer or
computer
accounts without the permission of the probation officer," the
clerk added.
Date: Thu, 10 Jun 93 09:18 MDT
From: [email protected]
Subject: Re: Flight control computers 'to bypass pilots'
(RISKS-14.65)
I would like to address this subject; I am an Air Traffic
Controller with 13
years experience in most control functions, including Radar and
Oceanic
Non-Radar.
Most communications with pilots over or near land take place
under VHF or UHF
A/G radio. If, for example, I want to descend a flight to FL 240
(24,000 feet)
I say "Flight No., descend and maintain flight level two four
zero." The pilot
will acknowledge by repeating his flight number and the assigned
altitude,
then begin a descent. (Well, lots of times they will question the
altitude but
let's not get into that <g>).
At the same time I'm speaking, I will punch the flight id and
altitude into my
computer, and the assigned altitude will be displayed on the
scope. But that
bears no relation to what I've said, or the pilot heard or said
back to me.
I might be thinking 240, punch 240 into the computer, but say
220. I should
catch the error when the pilot reads back the clearance, but I
might not. I
might say 240, but the pilot hears 220, and I don't catch the
error on
read-back. He might read back 240, but put 220 into his flight
director. Each
of these errors happens from time to time, and can cause
problems.
Using Mode S, I would enter the flight id and altitude and that
would be sent
to the cockpit, where the pilot would acknowledge by pressing a
button. My
display would indicate the acknowledgement. The pilot could still
question the
clearance via voice radio.
Mode S would not eliminate errors; I might for example punch in
the wrong
flight id or altitude. But it should reduce greatly incidents in
which the
pilot is doing something other than what is shown on my display.
Since I am
continually scanning that display for potential conflicts, it is
vital that it
accurately reflect the intentions of the pilots.
There will, I think, always be a pilot (though perhaps someday
only one) but
the pilot in command already leaves many tasks to the computer. A
commercial
airliner is on auto-pilot most of the time after take-off, and
can begin a
landing approach. The most advanced systems can make a landing in
zero
visibility conditions, which a human pilot cannot.
Timothy Buchanan
------------------------------
Date: Fri, 11 Jun 1993 21:28:03 GMT
From: [email protected] (Marty Leisner x71348 )
Subject: Across the Computer Divide, NY Times
"Across the Computer Divide, The Nerds face the Dummies" (Sunday
NY Times, 6
June, p. 1) talked about "DOS for Dummies", and the lack of
training. This
has to do with productivity (computers with out training and
expertise don't
improve productivity).
Date: Thu, 10 Jun 1993 10:50:34 GMT
From: [email protected] (Frederick Roeber)
Subject: The Internet is international (Rothwell, RISKS-14.72)
A little while ago someone at tis.com announced (on alt.security,
among other
places) that a reference PEM implementation was "freely" [sic]
available for
ftp in the US and Canada.
Just for kicks, I tried it from here (the evil CH empire):
% ftp ftp.tis.com
Connected to AZALEA.TIS.COM.
530 Only DNS registered hosts in the US/Canada can use this
server.
I haven't extensively played with their system, but I'd suspect
they
are reverse-resolving the IP address to a fully-qualified domain
name,
and seeing if the top-most domain is an old three-letter type (or
possibly ".us" or ".ca"), or an international two-letter (e.g,
".uk" or
".ch"). I'm sure we can all evaluate the security of this
method.
> I don't see anything to stop (for example) groups from outside
the US
> lobbying this email service by pretending to be "the people"
from "this
> country."
Well, the system for the USA's House of Representatives requires
that any
would-be e-mail sender first send a (real) postcard to their rep,
listing
their actual address and their e-mail address. This would
provide a link from
any e-mail message to a real location in the rep's district. All
replies are
via real mail, anyway, presumably to the address on the postcard.
BTW, ftpmail to ftp.tis.com works ;-)
Frederick G. M. Roeber | CERN -- European Center for Nuclear
Research
CERN/PPE, 1211 Geneva 23, Switzerland [email protected] +41 22 767
31 80
[Postcard scheme also noted by [email protected] (John
Bruner).
REAL SECURITY, eh? PGN]
------------------------------
Date: Wed, 9 Jun 93 21:41:59 EDT
From: Marcus J Ranum <[email protected]>
Subject: Re: Whitehouse mail -
It is possible that some whitehouse mail that is "correctly"
addressed
is being rejected because the recipient addresses contain mail
metacharacters.
This is a draconian mechanism to prevent folks from routing mail
so it appears
to have originated from whitehouse.gov, by talking to the SMTP
port, I.e.:
sol-> telnet whitehouse.gov 25
Trying 198.137.240.100 ...
Connected to whitehouse.gov.
Escape character is '^]'.
220 whitehouse.gov SMTP/smap Ready.
helo whitehouse.gov
250 (whitehouse.gov) pleased to meet you.
mail From: clinton
250 clinton... Sender Ok
rcpt To: [email protected]
550 Recipient must be in form of: user, [email protected], or
[email protected]
This has the unfortunate side effect that mailers that
generate cruft
like IN%[email protected] will run afoul of the
destination check.
------------------------------
Date: Thu, 10 Jun 93 09:17:38 PDT
From: Max Stern 310-524-6152 <[email protected]>
Subject: Re: Grassroots vs. Astroturf Movements (RISKS-14.72)
I also heard the NPR report cited in 14.72 by Shyamal Jajodia
<[email protected]>. NPR described more than the preparation
of lobbying
letters for targeted mailing lists to send on to their
representatives. The
new Astroturf (r) lobbying techniques also include the following
horror:
The consulting outfit contracts with a lobbyist to generate not
mail, but
PHONE CALLS, to congressional offices. They then telephone
"grass roots"
citizens and, having given them a sketch of the issue, say "If
you agree
with us that this issue is important, we can connect you with
Congressman
Wintergreen right now, so that you can express your opinion to
him." Then
they "patch" the callee through to the congressperson's office,
get off the
line, and it's on to the next call. In this way they can
generate a
constant flux of phone calls, seemingly spontaneous, from
private citizens,
in support of any issue.
The more sophisticated congressional staffs have already learned
to detect
this kind of lobbying; they ask a few detailed questions about
the issues and
find that the caller completely lacks any substantive background
information.
The RISK is that it becomes increasingly difficult for the
congressional staff
to winnow the wheat (sincere opinion from concerned citizens)
from the
Astroturf chaff, and that modern information technology is what
enables the
consulting firm to provide this "service."
Date: Thu, 10 Jun 1993 10:38:24 GMT
From: [email protected] (Hugh JE Davies)
Subject: Re: French Fry Robots! (McKay, RISKS-14.71)
This [risk] has been routinely dealt with in the process control
industry for
decades. About 15 years ago, I was working on systems for the
potato chip
(US)/crisp (UK) manufacturing industry which handled hundreds of
tons of
sliced potato per hour being run through a fryer containing 3
tons of corn
oil. As long as the oil level/oil pump/heater thermostat
interlocks didn't
fail spectacularly, there was no problem.
Admittedly, we had a rotating orange light and a *loud* siren on
top of the
control panel that was the "if all else fails, run away" warning.
And I won't mention the time a supervisor dropped a clipboard
onto the fryer
input belt (which ran at several hundred feet a minute.)
Date: Wed, 9 Jun 93 18:32:50 PDT
From: [email protected] (The Polymath)
Subject: Re: Citibank ATM risk (Kass, RISKS-14.72)
}... I've never made two transactions in a row on a Citibank ATM,
so I
}can't be sure that the language question is routinely presented
again ...
It isn't. Language is chosen at start of session. The only way
to arrive
at the situation you found is for someone to dip their card, then
change
their mind and walk away. Further, if you check I think you'll
find the
ATM asks for the PIN _after_ language selection (so the PIN entry
screen
will be in the correct language). Thus, what you saw was much
less of a
security risk than it seemed.
Jerry Hollombe, aka: [email protected] Head Robot
Wrangler at Citicorp
Usual disclaimers [not Citicorp policy or official Citicorp
anything]
------------------------------
Date: Thu, 10 Jun 1993 09:30:32 -0500
From: [email protected] (the person your mother warned
you about)
Subject: ATM RISKS (Kass, RISKS-14.72)
Generally speaking (at least, among the many ATM's I've used in
the NYMet
area), if an ATM sits idle for a period of time (and this period
seems to be
less than one minute, admittedly a fairly long period of time),
it will prompt
you for your PIN again before allowing you to make a withdrawal,
presumably as
a protection against just such opportunistic attacks on your
account. This
protection is lessened if you aren't carful about shielding your
PIN as you
punch it in to the extremely large and easy-to-read display.
What's interesting to note about the Citibank ATM's (if not a
RISK associated
with them), is the braille strips around the slots. Since it's a
touch screen,
with no physical keypad, someone who's blind (ooops, pardon
me..."optically
challenged") can't use it anyway!
To start with, I am a programmer and I do work at Citibank, but I
don't know
any more about the design of the ATMs than the average person.
Nonetheless, I
use them all the time.
Anyway, the ATMs, at least the ones in most of the Manhattan
locations, ask
"What language to you want to speak?" before asking for the PIN.
Since the
ATMs support languages that don't use the Roman alphabet (like
Chinese and
Japanese, although I don't know either so I can't tell which is
which from the
buttons) , the numbers on the PIN keypad would have to be
different for those
languages.
And even though the ATMs don't "eat the card," they ask for the
PIN
frequently. At the very least, they appear to ask before every
"Get Cash"
transaction, and I think they ask before money transfers as well.
However, I
don't know the exact algorithm, so I wonder if they also ask
before one tries
to see someone else's account balances or transaction history.
greg [Disclaimers...]
[Similar comments from Mark Eckenwiler [email protected]
..!cmcl2!panix!eck]
------------------------------
Date: Thu, 10 Jun 93 15:13:38 EDT
From: [email protected] (Carl Ellison)
Subject: Re: Cryptography, Free Speech, and so on (Leichter,
RISKS-14.72)
If Jerry is trying to claim that cryptography is born classified,
like nuclear
technology, then I believe he is wrong. The NSA tried to push
this concept
back in the late 1970's and it was tossed out, as I recall. As a
result, I am
allowed to publish anything about cryptography in any
international journal or
speak at a conference giving details of my work without getting
approval of
any government agency.
The NSA, in the late 1970's, tried to make it otherwise: that a
citizen had to
get permission to publish or speak on cryptography and couldn't
speak to any
foreigners.
------------------------------
Date: Sat, 12 Jun 1993 12:14:29 EST
From: Dave Banisar <[email protected]>
Subject: Re: Clipper
On June 9, 1993, Congressman Edward Markey, Chairman of the
House
Subcommittee on Telecommunications and Finance held an oversight
hearing on
encryption and telecommunications network security. Panelists
were Whitfield
Diffie of Sun Microsystems, Dr. Dorothy Denning, Steven Bryen of
Secure
Communications, Marc Rotenberg of the CPSR Washington Office and
E.R.
Kerkeslager of AT&T.
Congressman Markey, after hearing the testimony presented,
noted that
the Clipper proposal had raised an *arched eyebrow among the
whole committee*
and that the committee viewed the proposal skeptically. This
statement was the
latest indication that the Clipper proposal has not been well
received by
policy makers. Last Friday, the Computer Systems Security and
Privacy
Advisory Board of NIST issued two resolutions critical of the
encryption plan,
suggesting that further study was required and that
implementation of the plan
should be delayed until the review is completed.
At the Third CPSR Cryptography and Privacy Conference on
Monday, June
7, the Acting Director of NIST, Raymond Kammer, announced that
the
implementation of the proposal will be delayed and that a more
comprehensive
review will be undertaken. The review is due in the fall. Kammer
told the
Washington Post that maybe we won't continue in the direction we
started out.
The full text is available by anonymous ftp from cpsr.org
/cpsr/crypto/clipper
------------------------------
Date: Thu, 10 Jun 93 07:03:49 -0400
From: [email protected] (Kenneth R Foster)
Subject: Re: health effects of VDTs (correction) (Hull-Richter,
RISKS-14.72)
The unit should have been mG (milligauss). The text had been
"corrected" by a
typist. I think that we corrected the error in the galleys. The
book is
_Phantom Risk_ (Foster,Bernstein, Huber, eds), MIT Press 1993.
Strictly speaking, the correct unit should be Tesla; in
discussions of health
effects of magnetic fields the unit Gauss is usually used. For
nonmagnetic
materials it is appropriate as well.
Kenneth R. Foster
------------------------------
Date: Thu, 10 Jun 1993 09:45:26 -0400 (EDT)
From: Bruce Limber <[email protected]>
Subject: Re: Errors in the correction of the error
Please forgive me if any of what follows seems uncharitable; I
truly don't
mean it to be a personal attack, nor to I wish to appear
non-humble.
Two corrections were posted in RISKS-14.72, pointing out errors
in the
RISKS-14.71 directions for getting to a conference by Metro (the
DC subway
system) from National Airport. There was indeed an error in the
original
directions.
I posted one set of corrections; that set is, to the best of my
knowledge,
reliable. I stand by my correction, and I'm more humble than you
are! :-)
The other correction was posted by one of our esteemed
colleagues, and in
correcting the (one) error in the original directions, he
regrettably
introduced two new errors. (Perhaps we should stop before we're
even
farther behind?)
1. The yellow train to take from National Airport is labeled "Mt.
Vernon
Sq." It "does not--and never has--" gone to U Street/Cardozo.
(He's
thinking of the green train, which is irrelevant to our intent;
when the
end-of-track was extended from Gallery Place to U Street for the
new green
line, the yellow train's terminus was extended up the new track
beyond
Gallery Place, too--but only to Mt. Vernon Square.)
2. The blue train through Metro center (both of which are ideally
irrelevant to our discussion) says "Addison Road," not "New
Carrolton."
The New Carrolton train is the orange line, which is--suffice it
to say,
you don't want to hear about it. :-)
BTW, if you're at the National Airport station and see a blue
train
labeled "Addison Road," ignore it: it's a lot slower than the
yellow
train.
TRUST ME :-) --here are the correct directions, again:
Take the yellow train labeled "Mt. Verson Sq." to Gallery Place;
there,
transfer to a red train labeled "Shady Grove." Your destination
is the
Twinbrook station.
Piece of cake.
Unfortunately, the real tragedy of all this confusion is that it
will
probably put off lots of people who would otherwise have taken
the subway,
which really is an easy and enjoyable way to travel from National
Airport
to the hotel. It's also one of the cheapest. Buses cost more
and
probably take longer. And the less you have to deal with taxis
in this
area, the happier you'll be: the correct fare is a lot, and
hacks here
are notorious for overcharging (not all cabs here use meters).
Take the subway; you'll be glad you did.
You have my word on it. :-)
------------------------------
Date: Fri, 11 Jun 93 09:41:25 EST
From: BillV <[email protected]>
Subject: Re: And yet, a Risks report contains more errors!
I don't find botched Metro directions at all surprising. For
example, the
Blue line train actually goes to, and is labelled, "Addison
Road". It's the
Orange Line that runs to New Carrolton, which theoretically does
not run
from the Airport.
------------------------------
Date: Thu, 10 Jun 93 09:54:00 BST
From: Geraint Jones <[email protected]>
Subject: Re: What's in it for the grocer? (Kristol, RISKS-14.72)
There is a hidden assumption that the use of cash is free to the
supermarket.
Whilst cash can be a moderately convenient means of exchange for
the small
sums in which individuals deal, or indeed for disguising huge
transactions
from the tax man, it is tremendously expensive to move it from
place to place,
and to protect it against both pervasive `evaporation' from the
surface of the
organisation, and from occasional shotgun-inspired haemorrhages.
I plead relevance to RISKS, because it sometimes seems that
things get sent
(t)here because they mention technology -- risky or not -- and we
do seem
to assume that the absence of technology must at worst not be a
bad thing.
------------------------------
Date: Thu, 10 Jun 93 10:11:09 EDT
From: David Carroll <BDCARRD1%[email protected]>
Subject: Re: What's in it for the Grocer?
Dollars, that's what! Dave Kristol posted asking if supermarket
"price clubs"
were used for building "buying profiles" detailed everything that
you bought
using that card. I have no way of knowing if this happens in
other geographic
areas, but in the Albany, NY area, the Price Chopper chain does
exactly that.
But wait; there's more (to shamelessly steal Popeil's ad line)
the card for
that "price club" is one and the same with the stores check
cashing card. If
you don't feel like having a business make a buck selling your
personal
information, you have to stand in line at the "courtesy" desk to
get a check
approved - amount of purchase only. Friends and I have each tried
to get a
card for the sole purpose of check cashing (I don't get their
specials and
they don't sell my information; sounds fair?) No way, Jose. So I
have another
solution - I won't shop there. Whenever my sad little Grand Union
doesn't have
some essential ingredient I must have, I go to Price Chopper and
take the
opportunity to complain about their policy (while pointing out
that I spent
c.$100 at Grand Union and $10 there.) The risk? that in an
increasingly
automated age, as checks become obsolete (very soon by all
reports), they
won't even need this extra card as the electronic hook to tie
your purchase
info to your demographic info. If you have to use a card to pay
(whether
credit or debit) they'll have the hook. Now is the time to get
legislation
passed to outlaw use of private information for purposes
unrelated to a
transaction that are not expressly approved. That principle has
been
advocated by the Privacy Commission and countless privacy experts
for the past
25-30 years. Are we ready?
Date: Thu, 10 Jun 1993 10:58:13 -0700
From: Mike Olson <[email protected]>
Subject: Re: What's in it for the grocer? (Kristol, RISKS-14.72)
Dr. Mike Stonebraker here at Berkeley consults for a bunch of big
retailers
on database management (Stonebraker started the Ingres project,
which he
subsequently commercialized, in the early '70's). I've heard him
give
a talk on exactly this topic. Here's the gist of his story:
Supermarkets will offer "frequent buyer discount" cards. If you
use the
card, they will automatically apply any manufacturer discount
coupons that
apply to your purchases. You don't need the paper coupons.
The benefit to the consumer is that his grocery bill is lower.
The store is able to track purchases by individual customers,
which is
good for the store in two ways. First, it can break down
purchasing
habits by whatever demographic information they can find, which
may help
them advertise and stock their shelves. Second, it can sell the
names
of all Coke purchasers to Pepsi, so that Pepsi can clutter up
your
mailbox with advertisements. This way, the store makes some
extra money.
The benefit to the manufacturer is that it finds out about your
buying
habits and can develop ad campaigns directed at you.
The RISK, of course, is that previously anonymous transactions
will be
recorded, and details sold to people you don't know. If that
bothers
you, you should pay cash and not use any kind of discount card.
Stonebraker's talk on the future use of database systems by
retailers is
pretty interesting. Big retailers like K-mart and Walmart in the
US capture
every single item sold at every cash register they own. The data
are loaded
into an enormous central database, where they're used in "data
mining"
applications to plan future purchases by the store. The main
problem the
retailers have right now is storage space and techniques for
digesting the
volume of data they have. If they could do it, they'd keep all
purchase data
forever, and issue queries like "When will knee-length
powder-blue dresses
come back into style?"
Date: 10 Jun 93 15:36:41 GMT
From: mc/G=Brad/S=Hicks/[email protected]
Subject: Re: What's in it for the grocer?
To protect my job, I have to put the disclaimer first. As you
can see from my
X.400 address and sig, I work for MasterCard International. I've
read a lot
on the subject in company newsletters, etc., but the following
remarks should
be interpreted as cocktail-party conversation, not official
statements from
MasterCard International, Inc.
Yes, the credit card companies are offering lower fees to grocers
(also to
movie theaters and fast food restaurants, as I recall). But
there are fees,
and as you say, grocers tend to have slender margins. So what's
in it for
them? Two things: (1) customers like having more payment options
and some of
them will pick a grocer who takes MasterCard over one who
doesn't, and (2)
people who are paying with plastic instead of "real money" run up
higher
bills. So customer traffic goes up and profit per customer
transaction goes
up. THAT's why MasterCard has been so successful in getting
grocery stores to
accept MasterCard.
If any grocer who accepts MasterCard (or Cirrus ATM cards, or
Maestro
debit cards) is tracking purchases vs. card number, I haven't
heard of it.
On, the other hand, unless you're buying huge amounts of booze
or
something, the total RISK of such a database (it seems to me)
would be a
bit more junk mail, which hardly seems like a big deal when
offset against
the benefit of not having to carry cash or wait while a check is
approved.
And actually, since I don't think that grocers subscribe to the
service that
lets you look up address against card number, it probably
couldn't even be
used for that.
(I know I've been doing all of my grocery shopping with my
BankMate
ATM/Maestro debit card for two years now; I love it.)
If anybody wants to try and get an official statment on the
subject out of
MasterCard, they could try the following people in our Public
Relations
department: [email protected],
[email protected], or
[email protected].
(X.400: c=us, admd=attmail, prmd=mastercard, and fill in sn= and
gn= from
the above list.) [Peter, you're "the press," why don't you try?]
