Date: Sat 25 Jul 87 15:30:33-PDT
From: RISKS FORUM (Peter G. Neumann -- Coordinator)
Subject: RISKS DIGEST 5.16
Sender: NEUMANN@csl.sri.com
To: RISKS-LIST@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Saturday, 25 July 1987  Volume 5 : Issue 16

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  $23 million computer banking snafu (Rodney Hoffman)
  Computer crime, etc. (Matthew Kruk, PGN)
  Reactor control-room design and public awareness (Robert Cohen)
  Computerized Tollbooths Debut in PA (Chris Koenigsberg)
  Re: ATC Responsibilities (Alan M. Marcum)
  Air traffic control and collision avoidance (Willis Ware)
  Risks of computerizing data bases (Tom Benson)
  Re: electronic cash registers and wrong prices (Brent, Brian R. Lair, Will Martin, Mark Fulk)
  Taxes and who pays them (Rick Busdiecker, Andrew Klossner)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. FTP back issues Vol i Issue j from F4.CSL.SRI.COM:RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

Date: 24 Jul 87 08:11:36 PDT (Friday)
From: Hoffman.es@Xerox.COM
Subject: $23 million computer banking snafu
To: RISKS@csl.sri.com
Cc: Hoffman.es@Xerox.COM

Edited and excerpted from the Los Angeles Times, Friday, July 24:

$23-MILLION COMPUTER SNAFU ADDS TO BofA'S TROUBLES

Bank of America quietly acknowledged a $23-million computer snafu that is alienating key customers and will likely take months to fix.

The one-sentence disclosure in the company's second-quarter financial report said, "the corporation established a reserve for estimated costs, arising from problems in Bank of America's conversion to a new trust accounting and reporting system, which reduced net income by $23 million."

The problems arose when a new system, MasterNet, was brought on line in March before being fully debugged to replace an aging system. "They committed two cardinal sins," a trust dept. official said. "They took down the old system before the new system was up and running. And they were the first big bank to install the system. A key rule in computer software is: Never go first."

As a result, sources say, the system has crashed for days at a time, the bank is months behind in providing customers with their monthly statements and there have been potentially costly delays in trading securities. Sources called it a major embarrassment. "Heads are going to roll."

The institutional trust services department administers more than $38 billion in pension fund and other assets for more than 800 corporations, unions, and government agencies.

MasterNet was designed by Premier Systems Inc., a Wayne, Pa., software services company. "It is not our practice to discuss successes or failures," said Arthur A. Kock Jr., vice president and chief financial officer. [I guess potential customers just like their name?! -- RH]

The system is designed around four Prime Computer models known as Leopards, costing about $750,000 each.
"Prime has had at least five people here full time trying to staighten things out," a bank official said. "This is going to be a really slick system, when it works," he added. [Chickenfeed? BofA just declared a $1.14 Billion loss for the quarter on anticipated writeoffs for bad loans... PGN] ------------------------------ Date: Fri, 24 Jul 87 09:23:26 PDT From: Matthew_Kruk%UBC.MAILNET@MIT-Multics.ARPA To: risks@csl.sri.com Subject: Computer crime, etc. Speaking of computer crime, etc., it is timely that I noted the following article from Associated Press "buried" in our local paper: Computer crime ring broken Pittsburgh - Nine high school students in Pennsylvania have been arrested as part of a countrywide computer crime ring that illegally bought millions of dollars worth of goods and services, authorities say. Juveniles and adults from New York City to California were involved, police said. The ring illegally obtained thousands of credit card numbers by using telephone hookups to tap the lines on which cards are checked eletronically in many stores. Illegal purchases of goods and services were made "in the millions," police officer John Michalec said Wednesday. More arrests are expected, he said. Michalec said the ring also gained access to various government computers but he declined to elaborate "because of very delicate national security concerns that we don't want to talk about." ------------------------------ Date: Sat 25 Jul 87 15:05:07-PDT From: Peter G. Neumann Subject: Computer crime, etc. -- and etc. To: RISKS@csl.sri.com In the same week, two youngsters involved in the P.Floyd breakins at Stanford an Berkeley were apprehended on the west coast. Apparently the FBI and Secret Service have been trying to crack down on crackers. (See three articles by John Markoff in the SF Examiner, 23 and 24 July for background.) Disclaimer: RISKS does not condone unsavory cracking, and certainly does not wish to glorify it. 
The systems that were broken into were not considered to be highly secure systems. However, we have noted here that even systems that are considered highly secure can be vulnerable to attack. On the other hand, we strongly urge emphasis on teaching that pervasively stresses social values and ethics as an integral part of education and life experience, not just on encouraging our youths to learn how to manipulate computers. PGN]

------------------------------

Date: Fri, 24 Jul 87 23:17:48 PDT
From: ptsfa!rhc@Sun.COM
To: RISKS@csl.sri.com
Subject: Reactor control-room design and public awareness (RISKS-5.15)
Organization: Pacific * Bell, San Ramon, CA

> This is regarded in several sectors as an increasingly sensitive subject,
> and I am of the growing opinion that it is not appropriate to discuss this
> subject in an open forum. Readers should also note that several of the
> FORMER readers have included `experts' in this field.
> --eugene miya, NASA Ames Research Center

Eugene,

Because it is an increasingly sensitive subject is exactly the reason it SHOULD be discussed. This is an open society, North, Poindexter, and the 'gipper' notwithstanding. If you don't want to express your opinions and share your knowledge about how to safely deal with the nuclear plants, then fine. I think this should be discussed so that we can know more about what may go wrong and how it happens. How else do you expect one to have an informed opinion? Osmosis??

(all standard disclaimers apply - your actual baud rate may vary, depending upon atmospheric and cosmic disturbances)

Robert Cohen, San Ramon, California
{ihnp4,lll-crg,qantel,pyramid}!ptsfa!rhc

[This is of course a very old debate in RISKS. In general, the awareness that there are serious problems is clearly a RISKS-related topic. Considering the potentials for sabotage, misguided experiments, and so on there is a little justification for hiding the specific problems.
However, if the existence of such problems is hidden, the public can be grossly misled. This debate thus echoes some of the Contragate hearings on what the public should know... RISKS always tries to opt for openness, while recognizing the sensitivity of certain details. PGN]

------------------------------

Date: Fri, 24 Jul 87 10:49:02 edt
From: ckk+@andrew.cmu.edu (Chris Koenigsberg)
To: risks@csl.sri.com
Subject: Computerized Tollbooths Debut in PA

The morning paper reported that a new computerized tollbooth system made its debut yesterday on the Pennsylvania Turnpike, at the King of Prussia/Valley Forge interchange (the exit for Philadelphia). It resulted in huge snarled traffic jams and delays.

Apparently they replaced the old toll cards, which you used to hand to the attendant who then asked for your fare, with new ones that you insert directly into a slot to be read by a computerized system which displays your fare on an LED readout.

The new cards are so small, though, that no one can read them. So people didn't know what the fare was going to be until they saw it on the readout, whereas people used to read their card ahead of time and have their money ready.

------------------------------

To: seismo!comp-risks@seismo.CSS.GOV
From: sun!marcum%nescorna@seismo.CSS.GOV (Alan M. Marcum)
Subject: Re: ATC Responsibilities (RISKS-5.15)
Date: 24 Jul 87 18:35:17 GMT
Organization: Sun Microsystems, Mountain View

In RISKS 5.15, Andy Freeman queried:

> What are the pilot's responsibilities and liabilities? What about the
> controller's?

The Federal Aviation Regulations are the laws governing aviation in the US. Subchapter F of the FARs is entitled "Air Traffic and General Operating Rules"; Part 91 of the FARs (part of Subchapter F) is entitled "General Operating and Flight Rules."
FAR 91.3 states:

    91.3 Responsibility and authority of the pilot in command

    (a) The pilot in command of an aircraft is directly responsible for, and is the final authority as to, the operation of that aircraft.

So, the PIC has total responsibility. 91.3 continues:

    (b) In an emergency requiring immediate action, the pilot in command may deviate from any rule of this subpart [91-A: General] or of Subpart B [91-B: Flight Rules] to the extent required to meet that emergency.

Yes, there is accountability for emergency deviations, under 91.3(c). (In fact, it's interesting to note that a large number of pilots have delayed declaring an emergency, or failed to declare an emergency altogether, because of this potential accountability. The FAA's official word -- and practice, from history -- is to declare the emergency, make the necessary deviations, and not to worry about "enforcement.") Regardless, this gives an idea of the authority of the PIC.

Note that these regulations apply equally to all non-military flying in the US, air carrier, air taxi, and general aviation alike.

As a (private) pilot, I take the accountability portions of FAR 91.3 very, very seriously.

Alan M. Marcum, Sun Microsystems, Technical Consulting, Mountain View, CA

[Also noted by John Allred and berry%solaria.s1.gov@mordor.s1.gov]

------------------------------

To: RISKS FORUM (Peter G. Neumann -- Coordinator)
Cc: willis@rand-unix.ARPA
Subject: Air traffic control and collision avoidance
Date: Fri, 24 Jul 87 15:39:06 PDT
From: willis@rand-unix.ARPA

Andy Freeman's comment in RISKS-5.15 and the ongoing discussion of ATC and related affairs prompts me to offer some historical perspective on the contemporary air traffic control system and anti-collision devices. It's history but it also has relevance to us as professionals in a computer world.

In World War II, an electronic radio-based technique called Identification Friend or Foe (IFF) was invented by the British.
The problem at the time was to tell whether a radar-detected aircraft belonged to our side or to the other side. Successive generations of the system were designed and by the time it got to the one called Mark III, the various equipments in the system were brought to this country where everything was re-engineered and put into production for the Allied forces. The Hazeltine Electronics Corp, then of Little Neck, (Long Island) NY, was the focal point in the country for IFF work under USN contracts. Today we would call Hazeltine the systems engineering and support contractor.

The transponder gave a very simple reply to each interrogation pulse: a narrowly spaced pair indicating a normal response and a widely spaced pair indicating an emergency situation -- no identification of individual aircraft. In fact, there's a famous incident concerning the capture of several IFF equipments by the Germans from downed Allied aircraft; the foes flew in looking like friends and clobbered (I think it was) Bari, Italy almost into oblivion.

Toward the end of WW-II, the USN sponsored the design and development of a successor system called Mark V. Among other improvements, it transmitted a 10-bit response which could be coded to identify individual aircraft and operated at a higher frequency (L band) so the antennas could be smaller.

The war ended before Mark V got widely deployed and Hazeltine found itself with all the great technology and ideas looking for a problem in the civilian world. Some internal studies were done and Hazeltine proposed a national air traffic control system which layered the airspace into 1000' increments (even altitudes going one way and odd altitudes, the other), put altitude-reporting transponders on all aircraft, assigned a unique identifier to each aircraft, and used ground interrogators to challenge the transponders.
The responses were to be displayed on PPI scopes which also would contain correlated radar responses simply by synching the radar and interrogator transmitters.

It was a very primitive digital system and naturally was to be done in vacuum tubes -- which is all there was at the time! Then (1945-47) only the ENIAC had been built; the UNIVACs and the Princeton family of machines had yet to be developed. The digital computer had yet to really emerge so that the ground environment was not proposed to be highly automated.

Now to the point of this history. At the time, one of the important arguments, if not principle, was the question of responsibility. There were discussions about whether the pilots would accept a traffic control system that was ground based and would only give him directions. In fact, there were proposals to put the air picture together on the ground and transmit it back to the cockpits for decision making aloft.

All of the basic ideas in today's ATC were conceived, proposed, and implemented in the hardware-of-the-day some 40 years ago including the frequency assignments. The only conceptually new thing that has come along has been the computer-based automation that supports the controllers, although there has been of course a multitude of technology and engineering advances and the evolution of efficient operating procedures and overall system administration and some elaboration of the original basics. At the same time, the altitude-reporting transponder is a relatively recent addition; it roughly parallels the introduction of jet aircraft.

We all recall the slow progress of a ground-based ATC. Quite aside from the usual problems of introducing a new technology and persuading airline companies to put more equipment on aircraft (that, at the time, were generally weight, not volume, limited in carrying capacity), the pilots argued for having ultimate responsibility and decisions.
For quite a while, we ran a national airspace with ground-based rotating light beacons, and various radio navaids. We didn't have radars, much less a transponder system.

Anti-collision proposals have followed a similar path; and for the same reason, we still don't have them in place except experimentally. One of the long running arguments has been the self-same "place of responsibility." The pilot, supported by his union and legal forces, has argued that the ultimate decisions had to be in the cockpit because of the legal responsibility mentioned by Andy Freeman. The electronikers of course argued that the job could be done much more effectively, efficiently, comprehensively, and cheaply on the ground.

Honoring the established wisdom of learning from history, there is something for our business. Namely, in the solutions and conceptual frameworks that we propose for this, that, or the other application, we'd better be mindful of the legal environment in which the users of our systems will be; we'd better be especially sensitive to the legal obligations of the system users vs. where we put the automated support, how we funnel its output to the legally obligated users, and what legal responsibility it incurs.

It also relates to an aspect of compusec that has been little talked about; in fact I never recall it coming up in the defense environment although "2-man control" is a long established principle in strategic weapons control. It has come up only a little in the commercial compusec world although it's an implicit principle in traditional conduct of business in a paper world. It's "role separation" or division of responsibility. Apropos of the insider threat and the overall integrity of system operation, there is a growing awareness that separation of role is an unaddressed but important latent issue in the compusec world.
One shouldn't have the same individual both writing checks and signing them, nor should the implementation of a system allow an otherwise authorized user to have unauthorized access to both functions.

This principle also serves the reliability-of-performance issue. For some applications, notably ones involving high risk and/or public safety, one may be wise to separate the automated functions of monitoring and reporting from the (possibly automated or possibly manual) actual control of the process. But even then, we better watch the legal assignment of responsibility vs. the source of data on which to make decisions under that responsibility.

Willis H. Ware, Rand Corp., Santa Monica, CA

------------------------------

Date: Fri, 24 Jul 87 11:14:36 PDT
From: @wiscvm.wisc.edu:T3B@PSUVM.BITNET "Tom Benson 814-238-5277"
Subject: Risks of computerizing data bases
To: RISKS@csl.sri.com

The following issue is a relatively one technically, I suspect, but may be fairly common.

I am the co-author of a small book on nonverbal communication (Benson & Frandsen, NONVERBAL COMMUNICATION, Science Research Associates). For some time the book had a fairly large market as a textbook. Suddenly the sales fell off. Then my own university bookstore reported to me, when I tried to order it as a text, that it was out of print. I was pretty sure this wasn't so, and in a series of calls tracked down the answering/ordering service from which all college bookstores order the book.

It turns out that the book was listed on the computer database under the name of the series of which it is a part (Modules in Speech Communication) and that occupied the title field; an attempt to request the title NONVERBAL COMMUNICATION returned a message that there was no such title, which the operator naturally interpreted by telling the bookstore there was no such title, so it must be out of print. So bookstores told this to professors, who ordered a different book.
This first happened almost two years ago, and was followed by promises to correct it. It happened again last week.

It would seem that this is probably a fairly common situation, and that it is one that is very unlikely to reveal itself, since most people would not argue with the computer on such an issue. I'd be interested to hear whether such simple but mostly undetected errors (with real consequences in this case for the availability of this book) are common--and commonly corrected.

------------------------------

Date: Fri, 24 Jul 87 14:06:23 edt
Subject: Re: electronic cash registers and wrong prices
From: ucbcad!ames.UUCP!gatech!itm!brent@ucbvax.Berkeley.EDU
To: CSL.SRI!RISKS@csl.sri.com
Organization: In Touch Ministries, Atlanta, GA

Here in Atlanta, the Kroger stores advertise their "scan-rite" policy. That is, if any item gets rung up via UPC with a different price than that listed on the shelf, (and you catch them at it) you get that item free. This seems a reasonable policy in that "the punishment fits the crime."

brent laminack (gatech!itm!brent)

------------------------------

To: risks@csl.sri.com
Subject: Re: Electronic Cash Registers
From: blair%ncrwic%ncrlnk.dayton.ncr.com@RELAY.CS.NET
Date: Fri, 24 Jul 87 09:30:19 -0400 (at ncrlnk.Dayton.NCR.COM)

Michael Scott mentions an incident in which he was overcharged at a supermarket due to a discrepancy between the shelf price and the store computer's UPC database. The customer service desk expressed no sympathy, either.

Here in the Midwest we have a popular supermarket chain called Dillons whose president states (on the grocery sacks!) that he is so confident in his stores' computer/scanners (NCR) that he guarantees that if an incident similar to Mr. Scott's occurs, the customer receives the disputed item for free. Not a bad idea!

Brian R.
Lair NCR Corporation, E&M Wichita, Product Technology Development
<{ece-csc,hubcap,gould,rtech}!ncrcae!ncrwic!brian.lair>

------------------------------

Date: Fri, 24 Jul 87 10:21:49 CDT
From: Will Martin -- AMXAL-RI
To: risks@csl.sri.com
Subject: Re: Electronic cash registers

The RISK to the public of incorrect computer-controlled grocery-store pricing may be the most common form of computerized fraud perpetrated on the general populace. At least, I think it is the most likely to happen to the ordinary individual.

The inconsistency between shelf-posted prices and what the stores' computers have as the on-line price is still fairly common around here (St. Louis); more likely at National stores, which is one of the two chains I normally shop at. When scanning came in and individual-item price-marking was dropped, there was much publicity about how the stores would give you your money back if you were charged more than the shelf price. These policies are still in effect, but are not publicized any more. Also, I think the staff have gotten so used to the system that they have become sloppy and careless.

I often get several dollars' worth of free groceries by remembering what the shelf price is and watching the display during checkout. You just pay what the register shows, and then take the ticket and items to the manager's cubicle and point out the discrepancy. The way the refunds are implemented now is that, if you bought more than one each of an item where the price was wrong, you get one free and a refund for the difference on the others. If you bought one each of several items where the prices were wrong, you get all the cost refunded (plus you get your sales tax back, too, of course).

One interesting aspect of this is that the local stores have been doing "double coupons" for the past year or two -- if you had redeemed a coupon on the item, they are paying you twice the coupon value to take the thing!
(Only once did the manager check on coupons and give me back the coupon and cancel out its redemption and adjust the refund accordingly.)

This is actually cheaper for the stores than trying to do it right in the first place, I think. They are paying me by giving me free groceries to do their job for them; since probably only a tiny fraction of the great unwashed consuming public pays close enough attention to what they are doing to catch these price discrepancies, it doesn't really cost the stores that much -- undoubtedly cheaper than it would cost to pay their staff high enough wages to expect them to be more accurate all the time! Plus, of course, they get the extra income from overcharging the majority of customers until they are caught.

The stores also have an interesting method of correcting the discrepancy: they never change the computer price -- they just change or remove the shelf tag! (At least I have never seen any evidence that the computer-stored price gets changed.) When you report the discrepancy to the manager, they send a stockboy to pull off the shelf tag.

This sort of thing can be consistent and repeatable, too -- for example, there is a local brand of taco chips I only buy when they are on sale for 99 cents a bag instead of the usual $1.29, and EVERY time I buy these I get a free bag! The store seems to never change the computer price when they put up the "sale" sign on the chip display! (Usually I buy these on Monday, the first day the new price would be in effect, but I have run into this as late in the week as Wednesday evening. That means that three days' worth of shoppers have not yet noticed the price difference, in a huge busy store, or the computer price has not been updated despite reports.)

Anyway, if you are alert enough to pay attention, this is one RISK that you can turn to your advantage.
Regards, Will Martin

------------------------------

Date: Fri, 24 Jul 87 14:29:55 EDT
From: fulk@cs.rochester.edu
To: RISKS@csl.sri.com, scott@cs.rochester.edu
Subject: supermarket scanner errors

[Note to risks readers: Michael Scott and I are colleagues in Rochester. Topps and Wegmans are the largest of the local grocery chains, and the main representatives of the hypermodern gigantic school. Topps goes for the blue-collar clientele; Wegmans is ritzier.]

Topps or Wegmans? We always have this problem at Topps, and average about 25 cents a trip or so in scanner errors. We check the receipt very thoroughly every time; I'll go back in the store and recheck shelves to be sure. They are always very nice about giving us our money.

At Wegmans, on the other hand, you get the item free, or a dollar back, whichever is less. One used to get the entire order free at Wegmans for catching a scanner error; from the fact they stopped, I gather that other people than I noticed the following obvious strategy: buy one copy (at least) of every item in the store; one item is sure to scan wrong, so you will get the entire order free. Out of some undoubtably foolish sense of rightness, I never tried this; however, I did get several free normal orders for noticing scanner errors. The change in policy has caused me to switch to Topps, which has generally lower prices. I just have to be more watchful.

Please to note that the number of scanner errors is substantially smaller than the number of errors committed by clerks at manual cash registers; furthermore, the scanner errors are much more easily checked, since each line of the receipt shows the item scanned. I have only caught one error in interpreting the bar code.

Mark

[I have omitted a slew of additional messages on this subject, some of which are worthy but others of which are rather chatty. It is hard for me to accept just a novel portion of a long message.
RISKS usually gets deluged on issues that affect us personally, particularly in the wallet. PGN]

------------------------------

Date: 24 Jul 1987 05:54-EDT
From: Rick.Busdiecker@h.cs.cmu.edu
To: nosc!rupp%cod.nosc.mil@sdcsvax.ucsd.edu (William L. Rupp)
Cc: risks@csl.sri.com
Subject: Taxes and who pays them

Unfortunately the clarification is not entirely correct, although it is a fairly widely held misbelief. While the application of a new tax to a product or service will often result in an increase in cost to the end user, it is very often NOT the case that this end user cost increase is equal to the tax increase; in many cases the company absorbs some of the cost. A government decree will not necessarily affect the price that a market will bear in as predictable a manner as is suggested by this ``clarification.''

Rick Busdiecker

------------------------------

From: Andrew Klossner
Date: Sat, 25 Jul 87 11:22:20 PDT
To: RISKS@csl.sri.com
Subject: Non-taxes and who pays them [For the record]
Organization: Tektronix, Wilsonville, Oregon

Two recent comments in RISKS have suggested that the FCC is levying a new tax on data transmission. This is not the case. In fact, the FCC has proposed to discontinue a telephone service discount that information service providers now enjoy. The effect on those service providers is the same, but the government motivation is a bit more noble than just grubbing for new revenue.

-=- Andrew Klossner (decvax!tektronix!tekecs!andrew) [UUCP]
    (andrew%tekecs.tek.com@relay.cs.net) [ARPA]

[Thanks for the clarification on this. As we have drifted from RISKS relevance, let's blow the whistle on this subject. PGN]

------------------------------

End of RISKS-FORUM Digest
************************
-------