Subject: RISKS DIGEST 16.73
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 6 January 1995  Volume 16 : Issue 73

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

[NOTE: If you are overwhelmed with RISKS, cheer up. After an active week, a two-week slowdown is coming. There's the potential of another entire issue devoted to new date-time stuff, but it may get deep-sixed. PGN]

***** See last item for further information, disclaimers, etc. *****

Contents:
  My life as an international arms courier [longish, but good] (Matt Blaze)
  Work monitoring (Phil Agre)
  GRE by computer, the sequel (Cris Pedregal Martin)
  More on "Cell phones in Israeli army" (Heinz Wrobel)
  Re: Adopting Programming Improvements (Douglas W. Jones)
  Re: CompuServe-Unisys GIF Tax Protest (Kenneth Albanowski)
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Fri, 06 Jan 95 16:58:50 -0500
From: Matt Blaze
Subject: My life as an international arms courier

[This is admittedly a bit long, but I thought this experience might be of some interest to RISKS readers. -matt]

[Matt, Struggling as we are with export controls in the NRC crypto policy review, this is quite interesting. Thanks. PGN]

Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment.
Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones.

Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium.

The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms.

It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''.
Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good.

From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license to a Customs official at the airport before I leave. The Customs officer is supposed to take my SED and endorse my license to show what I'm actually taking out of the country. On the way back in, I'm supposed to ``declare'' my item at Customs (even though it was manufactured in the US) and show them my license, and they're supposed to endorse the license again as proof that I have, in fact, returned the ``defense article'' to the safety of the United States.

The first hitch I ran into was that no one could actually tell me where I could get an SED form. But when I called Customs they assured me that this was no big deal. ``Just come by when you get to the airport and we stamp the license. I guess you can just fill out the SED there,'' they said.

I made sure to get to the airport early anyway. Although there was moderately heavy traffic near the airport, I made it to JFK two and a half hours before my 10pm flight.
I was flying United, which has their own terminal at JFK, so Customs has an office right there in the same building from which I was to depart (JFK is awful to get around, so I was glad for this). I checked in for my flight (and got upgraded to first class, which bolstered my expectation that everything was going to be really easy from here on). Then, luggage, license and phone in hand, I made my way downstairs to Customs, expecting to fill out the SED form and ``just have my license stamped'' as they had assured me earlier on the telephone.

I explained my situation to the security guard who controls entry to the Customs area, and he led me to ``the back office'' without much argument or delay. The head uniformed Customs guy in the back office (which I think is the same office where they take the people suspected of being ``drug mules'' with cocaine-filled condoms in their stomachs) looked approachable enough. He had a sort of kindly, grandfatherly manner, and he was playing a video game on a laptop computer. I got the impression that most of the people he encounters are suspected drug smugglers, and he seemed pleased enough to be dealing with something a little different from the norm. When I explained what I was doing he looked at me as if I had just announced that I was a citizen of Mars who hadn't even bothered to obtain a visa.

He explained, carefully, that a) I really do need the SED form; b) not only that, I should have already filled it out, in duplicate; c) he doesn't have blank SED forms; d) he, like everyone else in the entire US government that I had spoken to, has no idea where one gets them from, but people must get them from somewhere; and e) it doesn't really matter, because I'm in the wrong place anyway.

I asked him where the right place is. ``The cargo building, of course,'' he told me, patiently. I remembered the cargo building because I passed it in the taxi just as the traffic jam began, about half an hour before I got to the United terminal.
The airport shuttle bus doesn't stop there. I'd have to call a taxi. ``But I think they're closed now, and even if they were open you'd never make it before your flight'' he helpfully added, saving me the trip. He also complimented me for going to the trouble to get the license.

I must have looked hurt and confused. Eventually he called in some fellow in a suit who I presume to have been his boss.

``Are you the guy who wants to export the fancy gun?'' the fellow in the suit asked me.

``It's not a gun, it's a telephone,'' I responded, with a straight face.

``Why do you have a license to export a telephone?'' Good question, I thought. I explained about the export law and showed him the thing. He agreed that it looked pretty harmless.

The fellow in the suit reiterated points a through e almost verbatim (do they rehearse for these things?) and explained that this isn't really their department, since my license was issued by the State Department, not Customs, and my situation doesn't come up very often because exports usually go via the cargo building. He'd love to help me, but the computer in which these things get entered is over in Cargo. ``That's how the records get made. But you do have a valid license, which is nice.'' He also suggested that I would have had an easier time had I shipped the device instead of carrying it with me.

I asked what I should do, given that my plane was scheduled to leave in less than an hour. Neither was sure, but the fellow in the suit seemed willing to leave it to the discretion of the uniformed guy. ``How does this thing work, anyway?'' he asked. I explained as best as I could, trying to make it sound as harmless as it is. ``You mean like that Clipper chip?'' he asked.

At this point, given that he has a computer and knows something about the Clipper chip, I figured that maybe there was some hope of making my flight. Or maybe I was about to spend the night in jail. In my mind, I put it at about a 90:10 hope:jail ratio.
Then he asked, ``Do you know about this stuff?'' So we chatted about computers and cryptography for a while. Finally, the two of them decided that it wouldn't really hurt for them to just sign the form as long as I promised to call my lawyer and get the SED situation straightened out ASAP. They assured me that I won't be arrested or have any other trouble upon my return.

I made my flight, validated license in hand.

An aside: Throughout my trip, I discovered an interesting thing about the phone and the various options I was carrying with it. Under X-ray examination, it looks just like some kind of bomb. (I suspect it was the coiled handset cords). Every time I went through a security checkpoint, I had to dig the thing out of my luggage and show it to the guard. I almost missed the new ``Eurostar'' chunnel train (3hrs 15mins nonstop from London to Brussels, airport-style checkin and security) as the guards were trying to figure out whether my telephone was likely to explode.

Coming back to the US was less eventful, though it did take me an extra hour or so to get through Customs. Expecting a bit of a hassle I didn't check any luggage and made sure to be the first person from my flight to reach the Customs line. The inspector was ready to wordlessly accept my declaration form and send me on my way when I opened my mouth and explained that I needed to get an export license stamped. That was obviously a new one for him. He finally decided that this had to be handled by something called the ``Ships Office''. I was sent to an unoccupied back room (a different back room from before) and told to wait. I thought about the recent Customs experiences of Phil Zimmermann. (Zimmermann, the author of a popular computer encryption program, was recently detained, questioned and searched by Customs officials investigating whether he violated the same regulations I was trying so hard to follow.)

After about half an hour, an officer came in and asked me what I needed.
I explained about my export license that had to be endorsed. She just shrugged and told me that she had to ``process the flight'' first. As best as I could tell, her job was to clear the airplane itself through Customs, that being, technically speaking, a very expensive import. It would take a little while. She was pleasant enough, though, and at least didn't look at me as if she intended to send me to jail or have me strip searched.

Finally, she finished with the plane and asked me for my form. She studied it carefully, obviously never having seen one before, and eventually asked me what, exactly, she was supposed to do. I explained that I had never actually gone through this process before but I understood that she's supposed to record the fact that I was re-importing the device and stamp my license somewhere. She told me that she didn't know of any place for her to record this. After some discussion, we agreed that the best thing to do was to make a Xerox copy of my license and arrange for it to go wherever it had to go later. She stamped the back of the license and sent me on my way. It was a little over an hour after I first reached the Customs desk.

My conclusion from all this is that it just isn't possible for an individual traveler to follow all the rules. Even having gone through the process now, I still have no idea how to obtain, let alone file, the proper forms, even for a device that's already been determined to be exportable. The export of export-controlled items is ordinarily handled by cargo shipment, not by hand carrying by travelers, and the system is simply not geared to deal with exceptions. Technically speaking, everyone with a laptop disk encryption program who travels abroad is in violation of the law, but since no one actually knows or checks, no mechanism exists to deal with those who want to follow the rules.
While (fortunately) everyone I dealt with was sympathetic, no one in the government who I spoke with was able to actually help me follow the rules. I was permitted to leave and come back only because everyone involved eventually recognized that my telephone was pretty harmless, that my intentions were good, and that the best thing to do was be flexible. If anyone had taken a hard line and tried to enforce the letter of the law, I simply wouldn't have been able to take the thing with me, even with my license. Had I just put my telephone in my suitcase without telling anyone instead of calling attention to myself by trying to follow the rules, chances are no one would have noticed or cared.

Unfortunately, however, these absurd rules carry the full force of law, and one ignores them only at the risk of being prosecuted for international arms trafficking. While it may seem far-fetched to imagine US citizens prosecuted as arms smugglers simply for carrying ordinary business products in their luggage, the law as written allows the government to do just that. At the same time, anyone who is aware of and who tries to follow the regulations is made to jump through pointless hoops that are so obscure that even the people charged with enforcing them don't know quite what to make of them.

Copyright 1995 by Matt Blaze. All rights reserved. Electronic redistribution permitted provided this article is reproduced in its entirety.

------------------------------

Date: Fri, 6 Jan 1995 16:36:05 -0800
From: Phil Agre
Subject: Work monitoring

The *Wall Street Journal* has a couple of articles about work monitoring:

  Amy Stevens, Clients second-guess legal fees on-line, The Wall Street Journal, 6 January 1995, page B1.

This article discusses several law firms whose clients get daily updates on their bills, including explanations for each billed bit of time. Not all lawyers are happy about this, as one might imagine.
They probably won't get a lot of sympathy, but imagine a world in which everyone billed by the minute in real time and had to explain any given minute to the customer on demand. This trend may be relevant to another article on the same page:

  Barbara Carton, What's up doc?: Stress and counseling, The Wall Street Journal, 6 January 1995, page B1.

It's about the growth of stress management programs for doctors who can't handle being made to see a new patient every fifteen minutes regardless of the nature of the cases.

Phil Agre, UCSD

------------------------------

Date: Fri, 6 Jan 1995 15:17:07 -0500 (EST)
From: Cris Pedregal Martin
Subject: GRE by computer, the sequel (RISKS-15.30, Dec 1993)

GREetings!

Just over a year ago *The New York Times* reported that the GRE would be (partially) administered with the use of computers. The system was to be "adaptive" (i.e., questions were selected by the computer based on previous answers by the person tested). I pointed out some RISKS in the use of computers for this in general, and the "adaptive" strategy in particular.

I overlooked a simpler RISK. According to a story by Alice Demnner in today's *Boston Globe* (1995 Jan 6, p.4), the computerized GRE has problems because of *recycled questions*. Apparently questions repeated so frequently that they could be memorized and given to other test takers.

The Educational Testing Service (ETS, the private entity that administers GRE) is "eliminating about three-quarters [!] of the test dates scheduled in the next five months;" ETS is also "adding questions to the exam." [Which I interpret to mean that they won't change the length but will add more questions to the pool from which the program draws its questions--CPM]

[Well, I interpreted an earlier article to suggest merely that they would cut down on the opportunities for people to reuse the same answers!
PGN]

The problem was identified by Kaplan Educational Centers, which expressed doubts that the ETS would be able to cope with the demand for testing with their reduced schedule.

I guess the lesson is to never underestimate the simplest risks. The other lesson, not to base a lot on the GRE scores, was always there.

Cris Pedregal Martin  pedregal@cs.umass.edu
Computer Science Department  UMass / Amherst, MA 01003-4610

------------------------------

Date: Thu, 5 Jan 1995 21:20:27 +0100
From: heinz@hwg.muc.de (Heinz Wrobel)
Subject: More on "Cell phones in Israeli army"

From the German newspaper "Starnberger Merkur", January 4th, 1995:

[Sorry, my translation and spelling may be inadequate. I try to get the meaning across.]

  Pizza in the fields

  Cellular phones make it possible: Israeli soldiers like to order pizza delivered even on delicate duty at the Lebanon border. [...] Almost every night they order food at pizza places and restaurants in the neighbourhood. [...] Some pizza joints can already find out about troop movement by analyzing the orders.

Even if this is currently an exaggeration, it might definitely be a risk for some.

Heinz Wrobel  heinz@hwg.muc.de

[Ah, yes, the old pizza inference strikes again. We have had various reports in the past relating to increased late-night activities in the White House, the Pentagon, etc. The intelligence term for preventing this kind of inference is OPSEC. I guess in the old days it was the apple vendors rather than the pizza parlors that were being watched. This of course led to OPSECing the apple cart. PGN]

------------------------------

Date: 6 Jan 1995 16:35:44 GMT
From: jones@pyrite.cs.uiowa.edu (Douglas W. Jones)
Subject: Re: Adopting Programming Improvements (Ballard, RISKS-16.71)

In RISKS-16.71 Fred Ballard <72400.1525@compuserve.com> discussed the problems with getting programmers to use new features of programming languages in their code.
He commented that the example of surgeons learning to wash their hands before surgery suggested that we should expect long delays between the introduction of a feature in a language, for example, the ANSI COBOL solution to the date problem, and the utilization of that feature by "front line" programmers.

I believe that there's a sound engineering reason for many programmers' failure to adopt new features of programming languages. It's more than just ignorance and cussed stubbornness that keeps some of us writing in, for example, Kernighan and Ritchie C instead of newer versions of the language!

If I am writing software for a specific system, I have no reason not to use the full language that happens to be supported on that system. On the other hand, if I am writing software intended to be portable, I have every reason to avoid new features and language extensions. Each such feature I use will add to the complexity of the instructions I must give for porting the program, and each such feature may prevent some potential user from running my code.

For example, if I want to write code using a sophisticated GUI on UNIX, you'd probably advise me to use C++ and Motif, or some similar combination of tools. On the other hand, not all UNIX systems have C++, and not all have Motif. If I want to minimize the work needed to port my code to new systems, I'd better stick to the older, more universally available standards, the Xt widget set and K&R C. Anyone with a UNIX system supporting X will have those!

Not all system administrators are technophilic, in the sense that they rush out to get the newest implementation of every language or toolkit as soon as it's released, and as system administration is decentralized, with each workstation user responsible for upgrading their software, more and more people will be running ancient compilers and toolkits simply because it's too much of a hassle to keep installing the newest versions of every language on their system.
Doug Jones
jones@cs.uiowa.edu

------------------------------

Date: Fri, 6 Jan 1995 16:38:12 -0500 (EST)
From: Kenneth Albanowski
Subject: Re: CompuServe-Unisys GIF Tax Protest (Bishop, RISKS-16.71)

> This standard needs to:
>   1) Be compact
>   2) Decode fast
>   3) Be free from patent/copyright restrictions
>   4) Be rapidly available
>
> JPEG is certainly a candidate as it is a public standard. The only
> drawback is the slow decoding time.

I'm not saying that replacing GIF is the best solution, but I should point out some additional factors that would be useful in a generalized image format:

* The image format should allow for commentary text.

* The image format should be able to contain arbitrary binary data.

* The image format should support "partial retrieval" where the image data can be used to construct a low-res version before the entire image is received. Currently I am only aware of one application, Netscape, that can make use of this feature, but it is invaluable on low-bandwidth connections.

GIF supports all of these features, although they aren't heavily used. Various applications make use of the comment field. Fractint uses custom "tagged" data to store fractal generation parameters in the image, and Netscape can use interlaced GIFs to support low-to-high resolution retrieval of an image.

GIF has turned out to be an extremely important and useful graphics format, with some of its features (like interlacing) only beginning to be used. Before replacement of something is considered, we must fully understand what it is we already have.

Kenneth Albanowski (kjahds@kjahds.com, CIS: 70705,126)

------------------------------

Date: 22 December 1994 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors.

CURRENT ARCHIVES: "ftp unix.sri.comlogin anonymousYourName cd risks or cwd risks, depending on your particular FTP. Issue J of volume 16 is in that directory: "get risks-16.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 15, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here.
REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories.

Risks can also be read on the web at URL http://catless.ncl.ac.uk/Risks
Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html
(Please report any format errors to Lindsay.Marshall@newcastle.ac.uk)

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot send E-mail to risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 16.73
************************