[comp.risks] RISKS DIGEST 11.57

risks@CSL.SRI.COM (RISKS Forum) (05/01/91)

RISKS-LIST: RISKS-FORUM Digest  Tuesday 30 April 1991  Volume 11 : Issue 57

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
Reverse engineering and testing of students (Andrew Koenig)
Re: Another commuter train wreck in London (Dave Roberts)
Re: Cable TV "bullet" (David A Ladd)
Re: Free Speech & Govt. Control of Information (Peter Marshall)
Re: Freedom of Information vs Computers (Daniel C. Swinehart)
Email, Privacy, and `small print' (Herman J. Woltring)
Prodigy commentary (Jeremy Epstein, Tom Neff, Robert Hartman)
Re: Four-digit address causes NYC death (W.A.Simon, Brinton Cooper, 
  Steve Strassmann, Martin Minow)
D.C. Seminar, "Social Importance of Privacy," May 3, 1991 (Robert Jacobson)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in 
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive 
 "Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.  For
 vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits).  Vol i
 summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
 If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Tue, 30 Apr 91 09:45:12 EDT
From: ark@research.att.com
Subject: Reverse engineering and testing of students

I was talking recently to someone who told me about his experience taking a
multiple-choice test. There were a lot of questions, most of which he knew, but
some of which were so poorly designed that he could not tell which of several
alternatives was the right answer.  Of course, he left those blank on his first
pass.

After he had answered the ones he knew for sure, he noticed a pattern beginning
to emerge on the answer sheet.  The spaces for answers were arranged in two
columns, and he saw that the left column had exactly the same pattern of
answers as the right column, not counting the gaps, except that it was inverted
and reversed.  The pattern was too consistent to be a coincidence, so he used
that information to fill in the rest of the answers.  Sure enough, each answer
indicated by the pattern matched one of the answers he had considered possible
for that question.

When it came time to grade the test, the grading procedure explained
everything.  The grader took a sheet of opaque plastic with a bunch of holes in
it, placed it over the answer sheet, and marked as wrong all the questions
where an answer didn't show through a hole.  He then flipped the template over,
turned it upside down, and repeated the process for the second column.

				--Andrew Koenig, ark@europa.att.com

------------------------------

Date: Tue, 30 Apr 91 16:44:05 GMT
From: Dave Roberts <dwr@ssl-macc.co.uk>
Subject: Re: Another commuter train wreck in London

Following the report in RISKS-11.52 from ClariNet I thought that the Forum
readers might like to know that the trains were not both under computer control
at the time.  The train which was on the receiving end of the bang was under
manual control at the time because of "previous failures" according to the UK
Daily Telegraph.

The question which occurs to us is "Why did the computer driving the second
train not know where the first one was?"  No answers available in the UK at
the moment because the inquiry is still in progress.  The speed of impact was
about 5mph and no one was hurt but the whole line was down for 7 hours.

------------------------------

Date: Tue, 30 Apr 91 12:28:41 EDT
From: ladd@iwsgw.att.com (David A Ladd)
Subject: Re: Cable TV "bullet"

>But most of these folks in question are otherwise legitimate cable subscribers
>who have been "sold" a modification to their cable boxes, MOST OFTEN BY A
>CROOKED CABLE COMPANY INSTALLER 

Note that the installer need not be crooked, but may be merely incompetent or
generous.  When I was in high school, before everyone had cable-ready
equipment, it was common to have a cable box fail, call for service, and end up
with unaccounted-for and unrequested cable services. In fact, of the three
households I was aware of with cable, all three eventually had the full set of
movie channels without paying for them or in some cases even wanting them. To
have this sort of case turn into a ``theft of cable services'' prosecution
seems ridiculous.

------------------------------

Date: Tue, 30 Apr 91 08:42:15 PDT
From: peterm@halcyon.UUCP (Peter Marshall)
Subject: Re: Free Speech & Govt. Control of Information

Larry's response to Jerry Leichter's earlier post on this topic is
well-reasoned and compelling. Yet, while it may generally be the case, as Larry
states, that "commercial entities do not have the same free speech rights that
individuals do," this observation must, perhaps unfortunately, be qualified in
part by the little matter of "corporate First Amendment rights." Amazing what
you can do after defining "corporation" as "person" in legal terms. See, for
example, THE INCORPORATION OF AMERICA.
                                                  Peter Marshall
halcyon!peterm@seattleu.edu
The 23:00 News and Mail Service - +1 206 292 9048 - Seattle, WA USA

------------------------------

Date: 	Tue, 30 Apr 1991 08:40:11 PDT
From: Daniel_C._Swinehart.PARC@xerox.com
Subject: Re: Another article: Freedom of Information vs Computers (RISKS-11.55)

Bob Frankston commented on the relative utility of data when provided in "the
original machine readable tape format or on 'more than 1 million sheets of
paper.'"  Paper is becoming ever more machine-readable these days.  It won't be
long before these decisions can again be made solely on the basis of the
message, not the medium.

------------------------------

Date:      Tue, 30 Apr 91 10:24:00 N
From:      Herman J. Woltring <UGDIST@HNYKUN53>
Subject:   Email, Privacy, and `small print'
Sender:    Biomechanics and Movement Science listserver <BIOMCH-L@HEARN>

Considering yesterday's issue of the RISKS-Forum Digest (volume 11, No. 56)
on breach of privacy, email censoring, and improper `small print' in contract
clauses, I am reposting part of my note of last February on public access to
email facilities.  [...]

> Date:      Sat, 23 Feb 91 11:10:00 N
> Sender:    Biomechanics and Movement Science listserver <BIOMCH-L@HEARN>
> From:      Herman J. Woltring <ELERCAMA@HEITUE5.BITNET>
> Subject:   Public access to Internet etc.
>
> Dear Biomch-L readers,
>
> While email communication is usually available for free to account holders
> on EARN/BITNET, Internet, etc., (log-on time, disk usage, paper output
> typically being charged), it may be useful to mention that email access is
> also becoming increasingly available through PC and modem facilities by
> telephone [...; typically, number of transmitted bytes and/or logon time
> being charged -- HJW].
>
> Interestingly, one such service (PRODIGY) has been accused of censoring
> email to and from its subscribers.  Whether this allegation is true or
> not, such issues do raise concern about freedom of opinion, free access
> to information, and similar fundamental rights in a networking context,
> especially if (with some justification, perhaps) `network harassment' is
> used as an argument to counter network `flaming'.  As said at a previous
> occasion: "verba volent, scripta manent" ...

The allegations in RISKS-11.56 against Prodigy and GEnie, two commercial
email service providers in North America, warrant considering the question
whether it is about time that Postal legislation (i.e., postal services are
not entitled to refuse, (unnecessarily) delay, read, or censor your mail,
or to divert it from its destination without a proper court order) shall
also apply to electronic mail, whether through private or public channels.

I do not propose to have this topic as a debate on this list; however, I think
that a pointer to the relevant debate is not out of place even on a discussion
list like ours, and I shall be happy to consider any comments sent to me
privately.  I might mention in this respect that the Dutch legislative is
currently considering a Computer Crime Bill in which unauthorized access to
computers, e.g., by networking, is considered a felony, and that some of the
proposals remind more of the U.K.'s Official Secrets Act than of the U.S.A.'s
Freedom of Information Act.  One heavily debated topic is to what extent
computer trespassing will be declared a criminal offence if no appropriate
security is provided by system management.  If not, private (and public)
interests can afford to neglect system security and yet call upon public
authorities for free to protect their interests once they observe that their
sloppiness has been `used'.  This is unusual in Civil Law as any insurance
company will be happy to point out, and not very compatible with the classical
view that Criminal Law is the Ultimate Resort, `when all else fails'.

Herman J. Woltring, Biomch-L co-moderator & (former) member, Study-committees
on s/w & chips protection / Computer crime, Neth. Society for Computers and Law

------------------------------

Date: Tue, 30 Apr 91 09:43:47 EDT
From: epstein%trwacs@uunet.UU.NET (Jeremy Epstein)
Subject: Prodigy commentary

I found the comments on Prodigy very enlightening.  I'm glad I'm
not a subscriber.  However, I was very concerned by one comment:

>     I invited you to look at your own STAGE.DAT file, if you're a Prodigy
>user, and see if you found anything suspect. Since then I have had numerous
>calls with reports of similar finds, everything from private patient medical
>information to classified government information.

If you have classified government information on your PC, you should
not be using it to call *anywhere* using *any* comm package.  That's
just good sense (and it may even be the law, I'm not sure).

I'm certainly not defending Prodigy...if what was described is accurate,
it certainly sounds like a mass invasion of privacy, theft, and some
nice big lawsuits.  Has any of this made it into the non-technical press
(e.g., Wall Street Journal, NY Times, LA Times)?

Jeremy Epstein, Trusted X Research Group, TRW Systems Division, Fairfax
VA   +1 703/876-8776   epstein@trwacs.fp.trw.com

------------------------------

Date: 30 Apr 91 15:18:47 EDT (Tue)
From: tneff@bfmny0.bfm.com (Tom Neff)
Subject: Prodigy and STAGE.DAT strangeness

The simplest explanation for private customer data appearing quasirandomly in
the Prodigy STAGE.DAT file is that the access program may allocate buffers
without clearing them, then write a comparatively little bit of binary data
into them and flush to disk.  The unused buffer areas still contain whatever
was lying around in memory before Prodigy was started, and this "garbage" will
end up on disk.

This neither proves malfeasance nor innocence on Prodigy's part but, at worst,
carelessness.  Clearly their program *could*, if it wished, transmit your
computer's entire memory and/or disk contents back home to the Prodigy host.
And it could do so *without* storing anything in a file like STAGE.DAT!  That's
simply a RISK of accepting some black box piece of software in the mail and
running it.  "Run me," Alice?

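The buffer hygiene problem Tom Neff describes above (a block allocated without clearing, a small header written into it, the whole block flushed to disk) is easy to reproduce and just as easy to fix. The following C program is an added illustration, not Prodigy's code and not from the original digest: the "previous tenant" bytes, the `STAGE_BLOCK` size, the header string and the function names are all constructed for the example. It models a dirty allocation deterministically, writes the block to a temporary file both ways, and then checks whether the prior contents reached the file.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STAGE_BLOCK 256   /* assumed block size for the staging file (constructed) */

/* Constructed sample of what "was lying around in memory" before the
   access program started: a record left behind by an earlier program. */
static const char PRIOR_CONTENTS[] =
    "PATIENT: J. Doe  DX: hypertension  ID: 000-00-0000 (constructed)";

/* Model of a freshly allocated block: the allocator hands back memory that
   still holds the previous tenant's bytes.  Simulated here so the outcome
   is deterministic rather than dependent on the real heap. */
static void simulate_dirty_alloc(unsigned char *block)
{
    memset(block, 0xA5, STAGE_BLOCK);
    memcpy(block + 64, PRIOR_CONTENTS, sizeof PRIOR_CONTENTS);
}

/* Careless variant: write a small header into the block and flush the
   whole block to the staging file without clearing it first. */
static void stage_write_careless(unsigned char *block, FILE *stage)
{
    const char header[] = "STAGE v1";
    memcpy(block, header, sizeof header);   /* a "comparatively little bit" of data */
    fwrite(block, 1, STAGE_BLOCK, stage);   /* the unused tail goes to disk too */
}

/* Careful variant: zero the block before use, so only what the program
   deliberately wrote can reach the file. */
static void stage_write_careful(unsigned char *block, FILE *stage)
{
    const char header[] = "STAGE v1";
    memset(block, 0, STAGE_BLOCK);
    memcpy(block, header, sizeof header);
    fwrite(block, 1, STAGE_BLOCK, stage);
}

/* Scan the on-disk file for a byte string; 1 if present, 0 if not. */
static int file_contains(FILE *f, const char *needle)
{
    unsigned char buf[STAGE_BLOCK];
    size_t n, nl = strlen(needle);
    rewind(f);
    n = fread(buf, 1, sizeof buf, f);
    for (size_t i = 0; i + nl <= n; i++)
        if (memcmp(buf + i, needle, nl) == 0)
            return 1;
    return 0;
}

/* Run one variant against a temporary file.  Returns 1 if the staging
   file leaked the prior memory contents, 0 if it did not, -1 on I/O error. */
int stage_leaks(int careful)
{
    unsigned char block[STAGE_BLOCK];
    FILE *stage = tmpfile();
    int leaked;
    if (!stage)
        return -1;
    simulate_dirty_alloc(block);
    if (careful)
        stage_write_careful(block, stage);
    else
        stage_write_careless(block, stage);
    fflush(stage);
    leaked = file_contains(stage, "hypertension");
    fclose(stage);
    return leaked;
}

int main(void)
{
    printf("careless write leaks prior data: %d\n", stage_leaks(0));
    printf("careful write leaks prior data:  %d\n", stage_leaks(1));
    return 0;
}
```

The same check works as a triage step on a real staging file: search it for strings that the program had no reason to write (names, account numbers, fragments of other applications' documents). Finding them shows carelessness of exactly this kind; it does not by itself show that anything was transmitted, which is the distinction the post draws.
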
------------------------------

Date: Tue, 30 Apr 91 11:32:55 PDT
From: rhartman@thestepchild.esd.sgi.com (Robert Hartman)
Subject: Re: Prodigy, etc. (RISKS-11.56)

WRT the controversies over censoring e-mail and selectively denying service to
customers who complain, there already are some laws that should be applicable.
It seems to me that there's nothing all that different between an e-mail
service and a phone company--except the format of the data being carried. The
various phone and long-distance companies are common carriers, and governed by
FCC rules.  Am I wrong in thinking that a common carrier is not allowed to
interfere with the communications they carry, and that they cannot eavesdrop
without a court order?  Now, broadcast mail may be open for public scrutiny and
rebuttal, but if a carrier offers a "conference call" service, I don't believe
that they can restrict anyone from using it, or from saying what they like in
the course of such a call.  Bulletin board postings seem to me to be analogous
to conference calls in the same way that private e-mail messages are akin to
private calls.

A sharp lawyer ought to be able to convince a judge or jury in a civil suit
(where a preponderance of evidence is all that is necessary to win) that
Prodigy and the others, in offering their e-mail and BBS services, are
operating as de-facto carriers for electronic communications.  As such, they
should be held accountable under the same rules as any other carrier, and
liable for any breaches.  Esp.  when they are run by large corporations with
legal staffs.  They can't plead ignorance.  I can't understand why they'd risk
legal exposure in this way, not to mention the negative publicity of a trial!

A risk in obtaining such a ruling would be that all BBS operators--at least
those using the phone lines--might have to be licensed.  But then, if there are
enough of them who write enough letters to legislators, a new class of licenses
for "amateur e-mail and BBS carriers" could be mandated.  We could even make it
an automatically-granted license, so long as there is no charge for the
service.

As far as the issue of Prodigy uploading private data goes, this sounds like a
clear case of wire fraud to me.  Wish I were the lawyer to get that case!  Can
you spell "class action?"  I knew you could.  Mr. and Mrs. Middle Class America
will be mightily annoyed if this is true.

------------------------------

Date: Tue, 30 Apr 91 14:56:06 EDT
From: W.A.Simon <alain@elevia.UUCP>
Subject: Four-digit address causes NYC death (Nilges, RISKS-11.55)

I have a hard time accepting this.  I have designed and programmed applications
for the military, for banks, for large corporations, for government
administrations, and even for a hospital.  I have never encountered a situation
where this limitation could have been a problem.  If a 9 position field was
required, it showed on the screen as a 9 position field, or the analyst (and
later the users) would catch it.  Testing would also take care of internal
field truncations (due to programming errors rather than design weaknesses).
Blaming the language for poor discipline is like blaming Henry Ford for road
casualties.

From a different perspective, there is no way to guarantee that a program will
be error free (in respect to field truncation) simply by mandating dynamic
field length.  There can be other sources for this kind of error.  And we
should remember that it is not possible to outlaw human failures or plain
stupidity.

>           How about legislation concerning responsible display and capture of
> COMPLETE information?

And legislation concerning the proper use of toilet seats...

>                        Or, at the level of civil lawsuits, the fact that a
> defendant's system truncates data should always weigh against the defendant.

It is very probable that, should such error be documented, a civil
court judge would find sufficient ground against the defendant.

Alain	                                             UUCP: alain@elevia.UUCP

------------------------------

Date:     Mon, 29 Apr 91 23:22:58 EDT
From: Brinton Cooper <abc@BRL.MIL>
Subject:  Re: Four-digit address causes NYC death

Ed Nilges reports on the death of a man in NYC because the computer system
which dispatches emergency personnel was not programmed to handle 5 digit
addresses.  Ed goes on to make a well-reasoned argument on what might and might
not be done about this.

I have another suggestion: I believe that cases such as this argue my theses
that there should be less "programming," in the traditional sense of the word.
It seems to me that spreadsheet and database tools which permit a limited
number of "well-defined" and "obvious" operations by the user may well inhibit
many of the errors permitted, even encouraged, by so-called "powerful"
languages.

This is just a hunch; I wonder if Risks folks know of data to refute or
support this bias?
                                        _Brint

------------------------------

Date: Mon, 29 Apr 91 22:52:12 EDT
From: Steve Strassmann <straz@media-lab.media.mit.edu>
Subject: static memory allocation causes NYC death

One RISK of using C and unix extensively, so it would seem, is that it
makes it hard for some people to distinguish between "C does this
incredibly stupid thing" and "most languages do this incredibly stupid thing."

For example, since C is a de-facto standard, these people make so-called
"general-purpose" CPU's, saying "of course it's general-purpose, it's optimized
to run C, isn't it?"

------------------------------

Date: Mon, 29 Apr 91 19:32:22 PDT
From: Martin Minow  29-Apr-1991 2226 <minow@ranger.enet.dec.com>
Subject: re: truncation of fields (Risks 11.55)

In Risks 11.55, Ed Nilges comments that only a few programming languages
allow completely variable-length strings.

The problem isn't quite as bad as Ed suggests.  In addition to "REXX and
certain Basic interpreters," one might add Ansi Mumps (which is quite
suitable for database applications), Pascal (which supports variable
length strings up to 255 bytes), PL/I, the VMS command language,
and many, if not all, personal computer database packages.

In many cases, however, the problem is not due to the programming language,
but to the original database design.  Many of these systems grew, one
small step at a time, from punch-card based address lists, without the
benefit of -- or opportunity for -- a redesign.
                                                  Martin Minow	

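The field-truncation thread above (Simon and Minow, following Nilges in RISKS-11.55) turns on one concrete behaviour: a fixed-width field that silently keeps what fits and drops the rest. The following C program is an added illustration, not code from any of the contributors or from the dispatch system discussed: the record layout, the four-character `HOUSE_NO_WIDTH`, and the function names are constructed for the example. It shows the silent-truncation store beside a checked store that refuses input that does not fit, which is the point at which Simon says an analyst, a user or a test would catch the problem.

```c
#include <stdio.h>
#include <string.h>

#define HOUSE_NO_WIDTH 4   /* assumed fixed field width (constructed for the example) */

/* A record with a fixed-width house-number field, constructed for the example. */
struct dispatch_record {
    char house_no[HOUSE_NO_WIDTH + 1];   /* +1 for the terminating NUL */
    char street[32];
};

/* Silent truncation: copy what fits and drop the rest.  This is the failure
   mode under discussion: a five-digit number is stored as four digits and
   nothing reports it. */
void set_house_no_silent(struct dispatch_record *r, const char *value)
{
    strncpy(r->house_no, value, HOUSE_NO_WIDTH);
    r->house_no[HOUSE_NO_WIDTH] = '\0';
}

/* Checked store: refuse a value that does not fit, so the problem surfaces
   at data capture rather than on the dispatch printout.
   Returns 0 on success, -1 if the value is empty or too long. */
int set_house_no_checked(struct dispatch_record *r, const char *value)
{
    size_t len = strlen(value);
    if (len == 0 || len > HOUSE_NO_WIDTH) {
        r->house_no[0] = '\0';           /* leave the field visibly empty */
        return -1;
    }
    memcpy(r->house_no, value, len + 1);
    return 0;
}

/* Demo/test helpers: what the field holds after a silent store, and the
   result code of a checked store, for a given input. */
const char *silent_result(const char *value)
{
    static struct dispatch_record r;
    set_house_no_silent(&r, value);
    return r.house_no;
}

int checked_result(const char *value)
{
    struct dispatch_record r;
    return set_house_no_checked(&r, value);
}

int main(void)
{
    const char *samples[] = { "1010", "10100", "" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("input \"%s\": silent store -> \"%s\", checked store -> %d\n",
               samples[i], silent_result(samples[i]), checked_result(samples[i]));
    return 0;
}
```

Minow's point about database design applies here: the width constant, not the language, is what makes "10100" unstorable, and the checked version only turns a silent data loss into a visible rejection. Widening the field is still a separate design change.
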
------------------------------

Date: Tue, 30 Apr 1991 05:38:07 GMT
From: cyberoid@milton.u.washington.edu (Robert Jacobson)
Subject: CPSR Washington Seminar, "Social Importance of Privacy," May 3, 1991
 
       * CPSR Seminar Series *
  "The Social Importance of Privacy"
 
  Priscella M. Regan, Department of Public Affairs, George Mason University
 
CPSR Washington Office, Friday, May 3, 1991, noon - 2 pm
 
Most legal and philosophical writing views privacy as important to the
individual, as a safeguard that allows for personal self-development, and a
political freedom that protects private or intimate relationships.  But this
emphasis on the importance of the individual has concealed another aspect of
privacy -- its social importance.  Professor Regan will explore the
philosophical and legal basis for the social or public importance of privacy,
and will examine the policy implications of viewing privacy from a social
perspective.
 
CPSR Washington Office, 666 Pennsylvania Ave., SE, Suite 303, Washington, DC,
202/544-9240 (one block from the Eastern Market metro)
 
In cooperation with The United States Privacy Council
 
[if you would like to be notified of future CPSR Seminars, please send a note
with e-mail address to mrotenberg@csli.stanford.edu]
 
------------------------------

End of RISKS-FORUM Digest 11.57
************************