RISKS-LIST: RISKS-FORUM Digest  Thursday, 31 December 1987  Volume 5 : Issue 84

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Risks of Robots (Eric Haines)
  Christmas Exec AGAIN! (Eric Skinner)
  Computer glitch stalls 3 million bank transactions for a day (Rodney Hoffman)
  Switch malfunction disrupts phone service (Richard Nichols)
  40,000 telephones on "hold" (Bob Cunningham)
  Unions denied access to commercial database services (Originally by Jeff Angus and Alice LaPlante via Michael Travers via Eric Haines via John Saponara)
  'Leg Irons' Keep Inmates Home (Randy Schulz)
  Re: Logic Bomb case thrown out of court (Amos Shapir)
  Missouri Court Decision on Computerized Voting (Charles Youman)
  pc hard disk risks -- and a way out? (Martin Minow)
  Viruses and Goedel bugs (Matthew P. Wiener)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

Date: Wed, 30 Dec 87 09:44:31 mst
From: hpfcrs!eye!erich@hplabs.HP.COM
To: RISKS@csl.sri.com
Subject: Risks of Robots

(From comp.sys.apple)

Reach for the Sky. The US Department of Agriculture has encountered an unanticipated difficulty in its project to develop robot fruit pickers. To contain costs, the robots were designed with monochrome scanners. Unfortunately, to the robots, an orange has the same size, shape, and brightness as a small cloud. Current robot pickers are often hung up literally reaching for the clouds. The USDA says it's back to the drawing board - this time using color.

(From "Random Access", 21 November 1987)

[Was this in Orange Count-y?
By the way, a cotton-picking robot might still have trouble with white clouds. Fruit-of-the-zoom? PGN]

------------------------------

Date: Wed, 30 Dec 87 11:31:51 EST
From: Eric Skinner
Subject: Christmas Exec AGAIN!
To: RISKS@csl.sri.com

An interesting point that has not been mentioned so far is that, at least in the version that reached BITNET sites in Canada, there was a major bug in the code of the program. It parsed the NAMES file in a very inflexible way causing it to have a success rate of about 5% at coming up with valid forwarding addresses.

If the programmer had been more careful, we might have been in an even bigger mess. So there are fewer risks when a program has bugs? :-)

Eric Skinner, Computing Centre, University of Ottawa

------------------------------

Date: 25 Dec 87 15:54:56 PST (Friday)
From: Hoffman.es@Xerox.COM
Subject: Computer glitch stalls 3 million bank transactions for a day
To: RISKS@csl.sri.com

The Dec. 24 Los Angeles Times reports that "an unexplained computer glitch caused a one-day delay in posting an estimated $2 billion in transactions at First Interstate Bank of California last week."

The data processing problem affected all checking account transactions last Thursday -- 3 to 4 million, both deposits and checks, an estimated $2 billion total. For unexplained reasons, the entire record of Thursday's transactions from the bank's branches was rejected by the computer when posting was attempted at 10:30 pm Thursday. DP employees worked on the problem all night and the following day, and the transactions were finally posted late Friday afternoon. The problem was corrected in time to avoid any widespread effect on customer accounts.

A bank executive VP said, "We did not have a disaster. We had a systems problem that we are still diagnosing to make sure it doesn't happen again."
------------------------------

To: cbosgd!KL.SRI.COM!RISKS
Subject: Switch malfunction disrupts phone service
Date: 29 Dec 87 12:03:31 CST (Tue)
From: ihnp4!chinet!rdn@ucbvax.Berkeley.EDU (Richard Nichols)
Organization: Chinet - Public Access Unix

Copied without permission from the Post Tribune (Gary, IN)

MALFUNCTION DISRUPTS GARY PHONE SERVICE FOR 18,000 CUSTOMERS

GARY -- Many people living or working here found it impossible to use the phone early Thursday [Dec. 10, 1987].

A malfunction during routine testing of equipment at an Indiana Bell Telephone Co. switching office at 725 Madison St. was blamed by telephone company officials for disrupted service for about 18,000 customers with 881, 882, 883, 885 and 886 prefixes.

Gary police and fire department representatives said the city's 911 line was working, so emergency vehicles were able to respond to calls. Non-emergency business lines were out of service, they said.

The equipment failure occurred at 5:45 a.m. with some phone customers regaining partial service by 7 a.m., said Estel Gibson, media relations manager for Indiana Bell in Indianapolis. Service was restored by afternoon, he said.

Gibson said that during the testing, equipment was switched to battery power. The battery power was low and there was no warning, so when equipment was switched back to commercial power, the computer memory system was knocked out, requiring reprogramming of the computer, he added.

Besides five Gary phone prefixes, the system malfunction also affected access to long distance lines in north Lake County, said Gibson. Local calls were not affected outside Gary, he added.

Gibson said the malfunction in switching equipment affected 18,400 lines in Gary.

"Our first priority was to restore service," said Gibson. The second priority was to check the backup system to make sure it is working properly, he added.
At Methodist Hospital Northlake Campus in Gary, the nursing coordinator had to use a two-way radio for communications inside the building, a hospital representative said.

At St. Mary Medical Center in Gary, calls were routed through the switchboard at the Gary hospital, a hospital representative said.

------------------------------

Date: Tue, 29 Dec 87 10:08:59-1000
From: Bob Cunningham
To: risks@kl.sri.com
Subject: 40,000 telephones on "hold"

Almost 40,000 Honolulu telephones were in and out of service yesterday (the first working day after Christmas), including the police/fire emergency number 911, and non-emergency Fire and Police numbers, due to a possibly faulty computerized switch, and an unusually heavy volume of calls.

The 40,000 customers were in 8 Honolulu exchanges, covering a large section of the downtown area. Unlike the 5,000 or so phones that were down during the heavy rainstorm last week, this problem was not weather-related.

John Harper, Hawaiian Telephone's Director of Public Affairs explained that when the volume of calls rises to a high level, rather than falter completely the switching equipment goes into a "half load" status, handling only some incoming calls and often not delivering a dial tone to customers within the affected exchanges.

The unusual aspect of yesterday's problem was that the volume of calls was nowhere near its rated load capacity. However, the switch was also busy doing extensive automatic self-diagnostics in order to locate an internal malfunction that it had detected within itself.

Hideto Kono, the chairman of the state Public Utilities Commission---whose phone was one of those affected---was very upset, saying that the recent outages caused by flooded cables were "understandable and excusable," but yesterday's problems were not. "Equipment is available that works well almost all the time, and we're going to be asking Hawaiian Telephone why its present equipment can't operate that way."
Bob Cunningham, Hawaii Institute of Geophysics, University of Hawaii

------------------------------

Date: Thu, 31 Dec 87 10:41:15 EST
From: saponara@tcgould.TN.CORNELL.EDU (John Saponara)
To: RISKS@csl.sri.com
Subject: Unions denied access to commercial database services

(Originally From comp.society.futures.)  Eric Haines

>From: mt@MEDIA-LAB.MEDIA.MIT.EDU (Michael Travers)
Subject: Unions denied access to commercial database services

I came across this in InfoWorld (Nov 23, 1987). It has some scary implications about the desire and ability of corporations to control access to information. This points up the need for alternative power structure databases such as those that were discussed on prog-d a few months ago.

- - - - - - - - - - - - - - - -

Restricted Access Riles Dialog Users
by Jeff Angus and Alice LaPlante

Subscribers to on-line databases may increasingly see the words "unauthorized file" when they try to use certain services, if a recent trend continues unchecked.

Last week, Dialog Information Services, a carrier of Dun & Bradstreet financial databases--including the now-restricted Dun's Financial Records--told labor union librarians that they would no longer be able to access certain files.

"If it's allowed to go on, this could set a precedent for a wide range of discrimination in online services, which are essentially public utilities," said Randy Barber, a financial consultant with the Center for Economic Organizing, in Washington.

This time the discrimination is aimed specifically at labor unions and possibly the IRS, according to Barber. But if online services such as Dialog can cut off certain subscribers simply because of fears about how the data will be used, the next step could be routinely forbidding customers to access certain files at the slightest hint of an adversarial motive, according to Barber.

"It could get to the point where you'd have to have a demonstrably benign reason to access certain data," said Barber. "This precedent could have severe repercussions on the free market for ideas."

According to the AFL-CIO's librarian, Ruby Tyson, when she first got the "unauthorized file" message while trying to access the Dun database, she was referred by Dialog to the New Jersey office of Dun & Bradstreet On-line Services, where a spokesman told her a list of 240 "entities" had been compiled and sent to Dialog with the instructions to deny access to any person or organization on that list.

"We were told it wasn't just unions but other groups, including the IRS," Tyson said, adding that Dun & Bradstreet hinted the ban might be extended to other databases as well.

Both Dialog Information Services and Dun & Bradstreet refused to comment, but Marvin Hrubes, an attorney representing the United Food and Commercial Workers International Union (UFCW), sent a letter to both organizations charging that Dun & Bradstreet's actions constitute tortuous interference with the UFCW's contract with Dialog and are violations of the National Labor Relations Act and the civil rights laws of both California and the District of Columbia.

Tyson as well as Ellen Newton, librarian of the United Food & Commercial Workers International, say Dun's on-line information can be gathered through hard copies of the data. But this defeats the purpose of subscribing to an on-line service since researching and tabulating data manually using hard copy is complex and time-consuming, they said.

Tyson and Newton find the Dun move and Dialog's assent to it not only an inconvenience, because the service is so productive, but also an offense to their librarians' sense of the appropriate access to information, they added.

"We think it's a serious matter and something that causes concern for libraries in their role of providing access to the broadest possible diversity of ideas," said Patrice McDermott, the assistant director of the Office for Intellectual Freedom of the American Library Association.
Newton added that he has seen the information spreading. "Dun & Bradstreet has also knocked us off of Data Times," he said. "We just got a message saying that Dun's database service is unavailable under our agreement, which can't be true because we haven't signed any new agreement since Data Times added the Dun Service."

Newton spoke to a Data Times spokesoman who said that Dun & Bradstreet had also sent his company a list of names of entities to be denied access.

------------------------------

Date: Sun, 27 Dec 87 14:05:34 PST
From: Randy Schulz
To: risks@csl.sri.com
Subject: 'Leg Irons' Keep Inmates Home

The following article, whose headline is the Subject: line of this message, is from the "Fourth District Report" (a newsletter sent to all constituents) issued by Los Angeles County Supervisor Deane Dana's office, dated Winter 1987-88. Carefully quoted verbatim (mistakes and all) and in its entirety w/o permission. No copyright notice appears on the newsletter:

    A modern-day version of "leg irons" is now being used to monitor the location of selected Los Angeles County inmates who as a term of their sentences are generally restricted to their homes.

    It is part of a pilot program that extends through September, 1988, using Comptom area probationers selected by the courts. The electronic devices are attached to the probationers' legs. Their movements are monitored by Trax Monitoring, Inc., which provided the devices.

    When we are faced with a jail overcrowding problem of tremendous proportions, elecronic surveillance of those probationers deemed suitable for the program offers at least a partial answer."

    At present, county jails have some 20,000 prisioners detained in facilities designed for 12,000 inmaates.

Paragraph three is apparently a quote, probably from supervisor Dana, though it is missing an open quote mark and an attribution, as you can see.

Although no real information on how the system manufactured by Trax Monitoring, Inc.
operates, it is probably reasonable to assume that computers are a part of it. That there may be risks to the public in its use seems a fair bet. While it's clear that this system is being used experimentally only on low-risk "inmates", there is presumably an interest in expanding its use as a "cost-effective" alternative to prison/jail construction.

In the same newsletter there is an article entitled "DRUGS. Experts map 32-point plan". Here are some excerpts from that article:

    Education, automation and methods to improve interagency communcation are the focal points of a 32-point list of recommendations by the Los Angesles County Task Force on Drug Abuse to stregthen the public's war on drugs.

    ...Other recommendations include: Increased automation on probation conditions; establishing a centralized repository of data on drug arrests, seizures and trends to be available countywide; standardized certification for drug diversion programs for length, content, defendant participation and random drug testing; and, regular meetings among representatives of drug enforcement, abuse services and prevention-education agencies to discuss and resolve problems.

[ Please pardon the poor grammar of the staff of my County's elected officials... ]

Randall Schulz, Locus Computing Corporation, 213/452-2435
{trwspp,ucivax}!ucla-va!ucla-cs!lcc!randy
{ihnp4,randvax,sdcrdcf,ucbvax,trwspp}!ucla-cs!lcc!randy

------------------------------

To: nsc!comp-risks@Sun.COM
From: nsc!taux01!taux01.UUCP!amos@Sun.COM (Amos Shapir)
Subject: Re: Logic Bomb case thrown out of court (RISKS DIGEST 5.80)
Date: 25 Dec 87 14:20:53 GMT
Organization: National Semiconductor (Israel) Ltd.

In article <12360370542.28.NEUMANN@KL.SRI.COM> Geoff Lane writes:
>There used to be a problem in British law (and it may still exist) in that
>evidence could only be given by humans. Information generated by a computer
>without the explicit involvement of a human could not be used in court.

They do have a case here - anyone who has supervisor permissions on almost any computer system (and these might be obtained illegally) may generate any information, including hiding the traces of what s/he had done. After all, it's all just bits! So almost nothing can be proven without a reasonable doubt.

The problem is, this also applies to digital recording - both audio and video. A person with the right (wrong?) equipment can generate a video clip showing anyone committing any crime!

Amos Shapir (My other cpu is a NS32532)
National Semiconductor (Israel)
6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel  Tel. +972 52 522261
amos%taux01@nsc.com (used to be amos%nsta@nsc.com)  34 48 E / 32 10 N

------------------------------

Organization: The MITRE Corp., Washington, D.C.
To: risks@csl.sri.com
Subject: Missouri Court Decision on Computerized Voting
Date: Tue, 29 Dec 87 09:17:53 EST
From: Charles Youman (youman@mitre.arpa)

While I was in St. Louis visiting my inlaws over the holidays, I read an article in the local paper about a court decision that found the computerized voting process used in Missouri was discriminatory. The loser of a close election had filed the suit in question. I didn't save the article and I don't think the article explained what was discriminatory about the voting procedure. The article did say that similar procedures were used in other states.

Charles Youman (youman@mitre.arpa)

------------------------------

From: minow%thundr.DEC@decwrl.dec.com (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 25 Dec 87 12:15
To: risks@kl.sri.com
Subject: pc hard disk risks

The discussion about virus programs reminds me that one thing I wish my PC's hard disk had was a "write-enable" switch, so I could test new programs with less worry about system corruption. (Also, the disk manufacturers and/or pc vendors don't seem to distribute anything resembling test software).

Martin Minow
minow%thundr.dec@decwrl.dec.com

------------------------------

Date: Sat, 26 Dec 87 02:43:06 pst
From: weemba%garnet.Berkeley.EDU@violet.berkeley.edu
To: RISKS@kl.sri.com
Subject: Viruses and Goedel bugs

Last spring or summer the journal _Computer Security_ (?) carried a paper about the author's (company approved) experimentation with viruses. Alas, his research was closed down by his company, who got extremely nervous. Sorry I can't be more definitive; I'm surprised no one has mentioned this paper before.

The self-referential photocopier duplexor error that prevented the user from finding out what a duplexor was forms the key point of the plot of the fabulous science fiction story "Ms Fnd in a Lbry" by Hal Draper. (It's in Groff Conklin's _17 x Infinity_, beyond that I don't know.)

(TOTAL SPOILER FOLLOWS...)

Information is compactified into "nudged quanta", so the total primary knowledge of the galaxy fits in a single drawer. However, the secondary and higher order knowledge to >find< the primary knowledge grew exponentially. At some point, a certain nth-order quanta got stuck; checking for repair information got routed through that very quanta; emergency checking for the location of that original drawer of primary knowledge .... And so civilization collapsed instanter.

(Also, the bug reminds me of the true Cray story I submitted anonymously long ago, where an array bounds overflow corrupted the Fortran formats that attempted to trace the array.)

-Matthew
ucbvax!garnet!weemba  Matthew P Wiener/Brahms Gang/Berkeley CA 94720

------------------------------

End of RISKS-FORUM Digest
************************