University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
Back to Abstracts of References and Incidents Back to Root
This page was copied from:

Previous Issue Index Next Issue Info Searching Submit Article

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16, Issue 6

Thursday 12 May 1994

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


o Plane accidentally ejects pilot into sea
Frank E Carey
o Tax preparation programs; IRS privacy; IRS computerization
o Digital Defamation in the UK
Brian Randell
o We spy harder!
Mich Kabay
o Killers sue over phone taps
Mich Kabay
o Journalists attack credit card account
Mich Kabay
o Fragmenting of the News
Mich Kabay
o Software piracy vexes industry
Mich Kabay
o Ultra-high dependability and the Channel Tunnel
R.J. Stroud
o Re: Future of US health care?
Amy McNulty
o Re: China Air A300 Crash
David Wittenberg
o Re: Copyright/patent owners: quick correction
Mark Seecof
o Re: Amusing computer-related anecdote about cable
Ry Jones
Paul N Hrisko
o Re: 11-digit ZIP code
Ed Ravin
o Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

Plane accidentally ejects pilot into sea

F E Carey +1 908 949 8049 < >
Thu, 12 May 94 13:15:56 EDT
     TOKYO (Reuter) - The test pilot of a trainer jet built for the Japanese air
     force was accidentally ejected when the emergency bailout system mysteriously
     functioned, the plane's makers said Tuesday.  Pilot Masahiko Kameishi was
     later plucked from the sea by a military helicopter. He was reported to have
     suffered minor injuries to his arms and knees.  Kameishi was flying the T-4
     two-seater over the Pacific Ocean southwest of Tokyo on Monday when he was
     suddenly ejected into the sea with a parachute, a spokesman for manufacturers
     Kawasaki Heavy Industries Ltd said.  His co-pilot, seated in the rear, landed
     the plane safely at a nearby military base.  The Kawasaki spokesman said the
     company was looking into whether the ejection was activated by mechanical
     malfunction or by something the pilot may have touched.  More than 100 T-4s
     are already in service with the Air Self-Defense Force, Japan's air force.
     Kameishi's plane was to have been handed over to the air force June 1.
     Frank Carey at Bell Labs

Tax preparation programs; IRS privacy; IRS computerization

<"Peter G. Neumann" <> >
Wed, 11 May 94 15:47:47 PDT
     1. The following item is apparently from COOVER@MITRE.ORG .  It was sent by
     SnailMail to Will Tracz, the new editor of Software Engineering Notes,
     presumably for the RISKS section.  Will faxed it to me.
        From Law Practice Management, April 1994, p. 16:
        Well, it's April again and time for the annual buying frenzy for All
        The Latest tax-return software.  Just so you're on notice -- last year
        at this time *PC Magazine* did a comparison of twenty different tax-
        return packages.  When they ran a test scenario through the packages
        (see -- I don't actually have to say it out loud anymore -- you people
        know what's coming), that's right, *every single package* computed a
        different total tax due.
        Sort of like calling the IRS Help Line.
     2. Colin Smiley sent me a note observing that his social security number was
     visible through the window of the envelope that contained his refund check,
     and pointing out the evident risks.
     3. The IRS is now beginning the integrated computerization of its entire tax
     process.  This presents many interesting risks relevant to our newsgroup, such
     as those relating to security, integrity, authenticity, insider abuse, fraud,
     violations of privacy, bogus returns, and so on.
     4. Your RISKS Moderator is now a member of the IRS's Commissioner's Advisory
     Group (CAG), and cochairman of its Subgroup on Technology, Security, and
     Privacy.  If you have problems that you believe need to be addressed, please
     send them to me ( if you do not want them to appear in
     RISKS.  The next meeting is coming up in midJune.

Digital Defamation in the UK

Brian Randell < >
Thu, 12 May 1994 17:48:26 +0100
     The following article is quoted in its entirety from the (UK) Computer
     Weekly, issue dated 12 May 1994.  
       [Brian Randell, Dept. of Computing Science, University of Newcastle, 
       Newcastle upon Tyne, NE1 7RU, UK   +44 91 222 7923  ]FAX = +44 91 222 8232]
                   Why bulletin boards are a libel minefield
         Nick Braithwaite warns of the dangers of digital defamation 
         and how network and bulletin board operators must guard against 
         being unwitting participants in user's libellous missive
     Libel doesn't figure prominently in most network operators' list of
     priorities. Many assume that transient screen messages are private and
     unlikely to damage anyone's reputation. Electronic mail and bulletin boards
     foster informal communication, so users may be resistant to the idea that
     defamation risks are attached to electronic "conversations" .
     But beware if you run network or database. You could be in the firing line
     for a libel claim.
     In the first case of its kind in the UK, Canadian academic Dr Laurence Godfrey
     issued a libel writ in London against another academic based in Geneva
     claiming he was defamed by a bulletin board message posted on the Usenet
     system. If the claim succeeds, hosts and users could soon be contemplating
     sizeble pay-outs.
     In fact, there's nothing novel about the Godfrey case. Libel suits have
     been an occupational hazard for information providers and electronic
     database operators for many years, but now network hosts too have begun to
     experience defamation problems. Only recently, Compuserve was sued for
     libel in the US, while individuals in both the US and Australia have faced
     claims over uncomplimentary bulletin board messages.
     Are electronic messages "published" for libel purposes? The first requirement
     is a degree of permanence in the communication. Most experts now agree that,
     if defamatory, even transitory computer messages flashed on screen are
     sufficiently permanent, once stored in memory, to be libellous.  Slurs posted
     on bulletin boards are even more likely to be held libellous.
     The "publication" requirement is minimal, satisfied if just one person
     other than the plaintiff sees the material.
     Despite the international aspects of the Godfrey case, one solitary viewing of
     a bulletin board in England allows a case to be litigated in London, where
     libel actions are hard to defend.
     The author of a defamatory statement is an obvious libel target, but
     corporations with deep pockets usually make more enticing defendants.  Happily
     for US-based computer networks, the court in the Compuserve case ruled
     Compuserve could not, without editorial control, be liable for defamatory
     statements by users.
     In England, it is likely that operators will have to prove they were not
     negligent or reckless in allowing the statement onto the system. So if you
     follow the US standard, you should not exercise any editorial control at all.
     If you follow the English standard you should exercise maximum control.
     In fact there ought to be no real conflict, because it is difficult to imagine
     a court insisting that an operator should vet all messages on the system.
     Whichever standard of care prevails, database and public access network
     operators will have every incentive to minimise editorial control over what
     they carry.
     Plainly, for some databases and networks that will not be practical. But for
     libel purposes, the ideal is probably to emulate a telecoms carrier,
     disclaiming all responsibility for the content of messages.  Some practical
     steps to keep the lawyers at bay are:
     Check you have a warranty from the subscriber that they will not input
     defamatory material. Or, if you are worried about staff messages, put a
     warning in their contract of employment. Consider a statement in your user
     contract that the operator has no editorial control over traffic on the
     system. Display a warning on-screen that the host does not endorse any
     defamatory statements. These may not solve every problem, but will help reduce
       [Nick Braithwaite is a lawyer in the London-based media group of solicitors
       Clifford Chance]

We spy harder!

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
11 May 94 21:51:19 EDT
     From the Reuter newswire via Executive News Service (GO ENS) on CompuServe: 
     "FORT LAUDERDALE, Fla, May 9 (Reuter) - Three former owners of Value Rent A
     Car Inc pleaded guilty Monday to racketeering charges and face prison
     sentences of two to five years and fines totalling $2 million."
     They are also accused of having wiretapped the offices of Mitsubishi Motors
     executives.  Mitsubishi Motors owned 80% of the firm at that time.
     [MK:  This is known as taking an interest in management.]

Killers sue over phone taps

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:19 EDT
     United Press newswire (94.05.11 @ 09:59 EDST) via Executive News Service on
       CAMBRIDGE, Mass., May 11 (UPI) -- A Massachusetts judge continued a hearing
       on a suit by eight convicted murderers who seek to end the state's new
       practice of monitoring inmate phone calls to the outside.
         The eight lifers, saying they are representing all 10,000 state prisoners,
       filed suit against Nynex and Massachusetts corrections officials for tapping
       their phone calls."
     The article continues with the following key points:
     o	William "Lefty" Gilday, convicted of murdering a policeman, claims that
     the phone monitoring system is unconstitutional.
     o	Corrections officials argue that "the taps are necessary to curb fraud,
     harassment and drug dealing by inmates."
     o	Gilday was convicted in 1984 of running a credit-card fraud operation
     from prison and defrauding American Express of $4,000.
     set flame = on
     Interesting perspective on rights and responsibilities, eh?  These folks
     remind me of the self-righteous anger of some criminal hackers when legal
     processes interfere with their self-proclaimed rights to attack other people's
     computer systems.  "Rights for me, not for you; duties for you, not for me."
     Could we maybe apply the Key-Escrow Proposal to criminals?  How about "Lock
     'em Up and _Throw Away_ the Keys"?
     set flame = off
     Why is my neck turning red?]
     Mich Kabay / not representing anyone else this time.

Journalists attack credit card account

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
11 May 94 21:51:29 EDT
     From the Reuter newswire via CompuServe's Executive News Service (GO ENS):
     "FRANKFURT, May 10 (Reuter) - A journalist from a well-known German satirical
     magazine has cut off fugitive real-estate tycoon Juergen Schneider from one
     source of cash -- by ringing up Schneider's credit card company and cancelling
     his account.
          The magazine Titanic said journalist Bernd Fritz had telephoned the
     Eurocard company and blocked the account by giving Schneider's name and date
     of birth."
     The article explains that Schneider has been on the run for over a month and
     has filed for bankruptcy.  He is under investigation for credit fraud.
     Asked for identifying information, including Schneider's bank, the journalist
     picked a bank at random--and was right.
     The magazine writers now claim that they will try to block credit cards for
     other fugitives.
     [Comment by MK: I have been saying for a long time we need PINs for credit
     cards!  I hold no brief for the accused man, but it does seem odd that someone
     else be able to cancel a person's account.  How would you like it if some
     prankster cancelled _your_ credit/bank/phone/... account with a simple phone
     Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn

Fragmenting of the News

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:13 EDT
     The Washington Post newswire (94.05.11) includes an interesting essay by
     Michael McKeon entitled, "Fragmenting of the News."  The author discusses the
     declining importance of the mass media for distributing news and the rising
     importance of electronic communities where opinions are more uniform.
     <<begin summary>>
     He writes, "More ominously, they have the ability to deny access to anyone
     trying to reach them with a message."  By this he means that faxes, videos,
     electronic mail and Internet or other newsgroups put control in the hands of
     the individual.  He calls these non-official communications groups "the
     stealth medium."  He sees these groups as the modern equivalent of the tavern
     conversations of a different generation.  These "virtual communities" exist
     without geography; they consist of people with similar interests and sometimes
     with similar views.
     He worries that the information passing through the stealth medium is
     unchecked for accuracy.  Furthermore, "the character of the information tends
     to be more emotional and, as a result, more reflective of peoples' true
     feelings."  People tend to flame others when there is no face-to-face contact.
     And "people are often choosing information delivered by demagogues appealing
     to fear, anxiety and prejudice through heated rhetoric and distortion."
     Even worse, in the writer's view, politicians and the mass media are turning
     into their very own insular virtual community.  Politicians and government
     officials speak to each other through the media but are losing their audience
     outside the Beltway.
     Politicians, he argues, must learn to address smaller and more specific
     audiences using the communications channels at hand.
     <<end summary>>
     [Comment by MK: McKeon addresses an important question--how one ensures
     accuracy in cyberspace.  At the moment, there are few mechanisms for
     generating consequences for defamatory, inaccurate or harmful "speech" in
     cyberspace.  We don't even have universal mechanisms for identification,
     authentication and non-repudiation.  I'm glad to see a mainstream non-technoid
     writer raising these points in the mainstream media.  Naturally, I had to send
     it to my virtual community for discussion.  <g>]
     Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn

Software piracy vexes industry

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:02 EDT
     United Press International newswire (94.05.11 @ 01:46 EDST) reports on an
     interview with Business Software Alliance President Robert Holleyman during
     his visit to Microsoft offices in Redmond, WA.
     <<begin summary>>
     Writer STUART GLASCOCK's key points:
     o	MS would be 4 times larger were it not for counterfeit software.
     o	Total losses (not per year) to software thieves by US software
     companies alone exceed $12 billion.
     o	Holleyman said, "Software piracy continues to plague the industry,
     stifling motivation, destroying incentives for creating new programs, and
     impeding growth.  Strong copyright laws and enforcement measures are critical
     to enhance the legitimate market for software."
     o	Other estimated annual losses due to software theft:
     	Europe           $4.9 billion
     	Asia             $3.9 billion
     	US & Canada      $2.4 billion
     	Africa & MidEast $0.7 billion
     	Latin America    $0.8 billion
     	Japan            $1.9 billion
     o	BSA represents the leading U.S. software companies. BSA members are
     Aldus Corp., Apple Computers Inc., Autodesk Inc., Computer Associates,
     Intergraph Corp., Lotus Development Corp., Microsoft Corp., Novell Inc.,
     WordPerfect Corp.
     o	"Untold numbers of U.S. jobs are lost to piracy," said Ann Woodliff,
     associate general counsel for Aldus Corp. "The numbers are staggering,"
     Woodliff said. "It's difficult to put a number around it. Our piracy losses
     are over 40 million worldwide."
     o	"BSA operates 20 hotlines around the world for callers seeking
     information about piracy or to report suspected incidents of software theft.
     Nearly 250 per day are received on these lines, the BSA claims. The number in
     the United States is 800-688-2721."
     <<end summary>>
     [MK comment: I wish we could convince the criminal-hacker, "Information Wants
     to be Free" gang that encouraging software theft harms _people_ working in the
     software industry.  I think everyone who works in the software field should be
     supporting or participating in local programs to reach schoolchildren and
     their parents and explain why stealing software is a Bad Thing.  I've recently
     been asked to speak at a local school and am working with my synagogue to
     introduce a discussion of the morality of cyberspace to our community.
     Already, a friend has been so moved by my arguments that he has had
     discussions with his teenaged sons and has thrown out years of stolen
     software.  When he was offered a stolen copy of a package last week, he turned
     it down for the first time in his life and said, "If I need it, I'll buy it."
     He told me he is getting used to the idea but feels good about it.  "I
     realized that I was setting a terrible example for my children."]
     Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn

Ultra-high dependability and the Channel Tunnel

Robert Stroud < >
Thu, 12 May 1994 11:49:04 +0000
       [Sent to RISKS courtesy of John Rushby <>.  PGN]
     From an article by William Hartston, *Independent on Sunday*, 8th May 1994,
     p.21 (numbers column)
     A major accident in the Channel Tunnel resulting in 70 or more deaths will
     happen once in 100,000 years, according to a report by Eurotunnel.
     Impressive, but how was it calculated?
     Give or take a few millenia, 100,000 years is the time homo sapiens has been
     around; 10,000 years ago, you could walk from England to France without
     getting your feet wet. So how did Eurotunnel look 100,000 years into the
     future? It began with statistics from 1984-90, which showed a total of 313
     people killed in railway accidents in Britain, including 99 at stations. With
     268 billion passenger kilometres traveled, simple arithmetic yields figures
     of 0.08 fatalities per 100 million passenger kilometres plus 0.95 fatalities
     per 100 million passenger journeys (for those killed at stations). These
     figures, and their French equivalents, were then combined and applied to the
     tunnel, as though it were a randomly selected 50km stretch of track, with a
     station at each end.
     The figure may then be modified by the decreased likelihood of anyone throwing
     himself in front of a moving train under the Channel. Fires and derailments,
     however, (estimated at 4.4 per cent and 18.5 per cent respectively of the
     "total system risk") are likely to have more serious consequences, which are,
     in turn, balanced by more stringent safety procedures.
     Eurotunnel concludes: 'The Channel Tunnel represents a significant advance in
     railway safety' which may be true. But for all the precision, it is little
     more than informed guesswork: 100,000 years is a long time on a train line.
     The Titanic was unsinkable. Has Eurotunnel overlooked an iceberg too?"
       [I believe Eurotunnel is planning for 10 trains/hour. I think that makes
       one accident every 100,000 years a 10 ^ -10 claim..
       I also heard something about an independent report that had been suppressed
       that argued that the 10 trains/hour figure was unsustainable taking into
       account factors such as gradients, length and weight of trains, time to
       accelerate from stations, etc.   Robert Stroud]

Re: Future of US health care?

Wed, 11 May 94 14:18 EDT
     In RISKS-16.04, Mark Stalzer ( wrote about his HMO
     doctor's deliberate "misdiagnosis" of his baby daughter's rash as lupus, in
     order to get past the HMO restrictions for referring her to a specialist.  He
     was understandably quite upset at having received notification of this
     diagnosis in the mail, without any previous phone call or explanation from the
     doctor or other HMO personnel.
     In addition to the ridiculousness of the HMO doctor having to play games like
     this just to refer a patient to a specialist that the doctor feels the patient
     needs to see, there's another big risk in this story.  In this age of
     nation-wide computer databases like the Medical Information Bureau, this
     little girl (and other people like her who were similarly "misdiagnosed" by
     the HMO doctors) may now be listed somewhere in some database as having a
     serious, pre-existing disease -- which could cause her to be unjustly rejected
     sometime next century when she applies for life insurance, medical insurance,
     a physically demanding job, college, or who knows what else.  I won't try to
     address whether this kind of database is fair or just even when the
     information it contains is *accurate*, but it should be obvious to RISKS
     readers that in this case (and many others) it could also contain inaccurate,
     very damaging information.
          -- Amy McNulty (

Re: China Air A300 Crash

David Wittenberg <>
Wed, 11 May 1994 16:46:53 -0500 (EDT)
     > The root cause of this crash seems to be a confused co-pilot.
     I think you're being much too harsh on the copilot.  He was trying to fly the
     plane in a standard way, and the plane's auto-pilot did something
     inexplicable.  While perhaps the copilot could have responded better (but note
     several other odd auto-pilot actions later), I would have to say the root
     cause was the "go-around mode for unknown reasons".
     Since people don't always diagnose unexpected behaviour correctly, it is
     important to decrease the chances of their being confronted with some
     unexpected behaviour in a time or place with little margin for error.  The
     question one has to ask about the rather sophisticated auto-pilots now in use
     is not "are they perfect?"  We know that they aren't.  But, "How often do they
     fail, and can pilots reasonably be expected to recover from the failures?"  By
     comparing the dangers of the new technology with the dangers of the old
     technology, we can make an intelligent choice.  Unfortunately, the vendors try
     to convince us that their technology is perfect, which is clearly false.
     --David Wittenberg

Re: Copyright/patent owners: quick correction

Mark Seecof PSD x77605 <>
Wed, 11 May 1994 13:37:23 -0700
     I won't name names, but another RISKS contributor suggested that copyright
     owners or patent holders "MUST" license to all on reasonable terms.  That is
     not true.  In general patents or copyrights may be licensed on any terms the
     owner can get and the owner may pick and choose licensees at will.  The
     exceptions are few, and are related to antitrust issues that do not apply to
     99.99% of situations.  Some (other than the U.S.) countries have mandatory
     licensing of various kinds of patents and copyrights (e.g., mandatory
     licensing of educational textbook copyrights in India), but again, with a few
     exceptions, the U.S. doesn't work that way.  And for other pedants like me:
     I'm not gonna launch into a discussion of "fair use," music-performance
     situations, copyright collectives, weapon patents, and other stuff which would
     explain some of the "exceptions" to the general rule I've alluded to.
     Think about it.  What competitive advantage would a patent confer if you had
     to license it to anyone?  Ditto copyrights.  The whole point of such rights is
     to limit the people who can exploit a certain work.
     Mark Seecof <>  Publishing Systems Dept.  Los Angeles Times

Amusing computer-related anecdote about local cable service

Ry Jones <>
Wed, 11 May 94 14:22:21 PDT
     TCI Cablevison of Washington often has a similar display with a Guru Error
     (Amiga) for days on end on the Public Info channels. Also, Cablevision of
     Terre Haute, IN used to have a Apple ][+ that would bomb out and draw random
     lines on the PI channel. Terre Haute First National Bank built a new building
     complete with 6 huge automated computer displays (light-bulb type) and they
     often got out of sync, triggering an alarm that would display a very distinct
     Commodore Basic prompt on all six signs all night.

Amusing anecdote about local cable svc. (Long, RISKS-16.05)

Thu, 12 May 1994 16:54:23 EDT
  (H Morrow Long)
     writes about the error he noticed on his local cable channel recently.
     Our local cable system and a couple of the surrounding ones use Commodore
     Amigas for such things as the on-line cable guide (The Preview Guide), local
     programming information screens, etc... My guess is that there is specialized
     software available to the cable operator from whatever company broadcasts The
     Preview Guide which is customizable by region, content or whatever (ad
     packages come to mind).
     A few years ago you could usually look forward to seeing the dreaded Amiga
     'Guru Meditation Error' plastered on your cable guide screen whenever there
     was a big storm or over a long holiday weekend.  It was amusing at first, but
     it soon became tiresome.  Since it hasn't happened in the past couple of years
     I'm assuming they've invested in a battery backup or better equipment.  One
     risk for them: Since Commodore has gone belly-up, what's going to happen to
     their equipment when it dies.  Will they be relegated to searching the
     orphaned-computer parts bin at their local used computer store?

Re: 11-digit ZIP code

Ed Ravin <>
Wed, 11 May 1994 12:14:25 +22321159 (EDT)
     The existing 9 digit ZIP code already provides a path to your door -- in most
     cases, it maps out to either an individual house, four or five houses,
     apartment building, or cluster of floors in an apartment building.
     So there's no new RISK with the 11 digit code -- as a matter of fact, it's
     already in use on some barcoded mail (but the 11 digit ZIP is only used in the
     barcode, so you haven't noticed it yet).  The RISK is that zipcode bloat makes
     addressing mail more and more complicated and error-prone for humans, or that
     adding extra digits to the ZIP code is being touted instead of making better
     use of the existing digits to make things easier for the bureaucrats in the
     Post Office.
     Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue
     White Plains, NY 10601  +1 914 448 4737
        [Similar comments were received from 
, who noted Britain's system is
            often unique to 10 or 20 households,
          grayjw <>, who noted the use of the
            first few digits to determine insurance rates,
          Chuck Weinstock <weinstoc@SEI.CMU.EDU>,
          Frederick Wheeler <>,
 (Martin G. Halvorson), 
 (Mark Brader), who wondered about the (non)difference 
            between giving out a unique address and a unique ZIP,  and
 (Vidiot), who noted that the U.S. Postal Service
            is already using the 11 digits.  PGN]

Previous Issue Index Next Issue Info Searching Submit Article

Report problems with the web pages to
This page was copied from:
Last modification on 1999-06-15
by Michael Blume