Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Edited excerpts from an article by William Trombley in the 'Los Angeles Times' 14-Aug-89: A new law which takes effect Jan. 1, 1990, requires California counties to place the source code of their vote-counting computer programs in escrow so they can be checked by independent experts in case of disputed results. The law is a partial response to increasing criticism that electronic vote tabulation sometimes is inaccurate and is vulnerable to tampering because of lax security. The California secretary of state will approve escrow facilities and will determine what material should be placed in escrow and under what circumstances the source codes should be made accessible to investigators. The escrow plan also allows election officials access to the codes should the companies that produce the software go out of business or stop selling that particular product, as has happened in several states. California's new law coincides with efforts by the National Clearinghouse for Election Administration, an arm of the Federal Election Commission, to produce voluntary state standards for computerized elections. The federal standards, published in the Federal Register last week, also call for putting source codes in escrow. So far, Texas, New York and a few other states have laws similar to California's. Reactions to the new law vary: Tom Diebold, president of DFM Associates, one election system vendor: "The problem with escrow is that it makes it easier for someone who wants to manipulate an election to get their hands on the source code." Lester Jaspovice, V.P. and corporate counsel for Sequoia Pacific Systems, another vendor: "My company doesn't like it, but, as an attorney, I think it's a good idea. It provides a virgin copy of the code that the court can call on in case of a dispute." Howard Strauss, Princeton University computer scientist and member of Election Watch: If the source code in escrow differs from the one used to count votes, "then you know something's wrong. But if they're the same, it doesn't tell you anything because they could both contain the same mistakes." Strauss also doubted that the law would protect against a company going out of business or losing its top scientific talent. "The idea is that these escrow facilities will have technical people who can read this stuff, but some of it is so badly written that, even after months of work, you wouldn't know what it was all about." Crew Deer, V.P. of Data Securities International, a computer software escrow company: "If the code has a bug in it, it will show up on both the original and the copy, but that's good because you at least know it's a technical problem and nobody has been tampering." According to Deer, the escrow fees for vote-counting source code might be about $1500 plus $1000/year after that. If a result is challenged and a detailed verification process is carried out, the cost could be as much as $30,000. Several critics said the new law does nothing to correct what they consider to be the major flaw in computerized elections — the presence of poorly trained, underpaid election workers who do not understand the computerized equipment they are using to count votes. [For the record, on July 2, 3, and 4, the 'Los Angeles Times' ran a very lengthy series by William Trombley on computers and vote counting. Nothing new, but a fair summary of past troubles, present systems, and suggested changes. It includes quotes from many election officials, computer scientists, and statisticians. Among those cited are RISKS contributors Gary Chapman and Marc Rotenberg of Computer Professionals for Social Responsibility, Lance Hoffman of George Washington University, Willis Ware of RAND, and RISKS moderator Peter Neumann. (See RISKS 7.52 and 7.70 for references to past reports on the subject.)]
More than 6000 voters were unable to vote in local government elections in Victoria on Saturday, August 5th, because of a computer error made by the Australian Electoral Commission. Newly enrolled voters and those who had changed municipalities had their names left of the updated electoral rolls. The error was made five months ago, but was detected less than 24 hours before the opening of the polling booths. A full internal inquiry has been ordered into why the error was detected so late, as well as its original cause. Legal opinion indicate the elections are not invalidated by the error, although legal challenges are expected from narrowly losing candidates. One bitter voter affected by the error noted that voting in the elections was compulsory - a bitter irony for those left of the rolls.
My answering machine is one that allows me to call in from a push-button phone and signal it to play back my messages with a 2-digit code. In addition, there are single-digit codes that reset the machine, go forwards, backwards, change the outgoing message, etc. I just called in to get my messages; there was one. Just before the caller hung up they accidentally bumped some keys on their phone, resulting in some digit tones being recorded on their message. I heard this and waited for the machine to beep to tell me it had finished playback. Instead, it played the message again... and again... Apparently it was taking input from the message tape as valid, and one of the buttons the caller pressed was the "backwards" command. I suppose if I were getting the message off the machine at home this wouldn't happen, because it would not be in remote mode. This has some interesting consequences for the unscrupulous callers and unwary callees. Peter Scott (pjs@grouch.jpl.nasa.gov)
"The New Homes Are Getting Smarter"
"Cued by computers, they run themselves"
by Mark McCain
(Excerpted from the Real Estate Section of the New York Times, August 13, 1989)
Although electronic brains these days control televisions and telephones,
offices and automobiles, the average house is still a mindless creature,
bumbling along without any effort to make itself more safe [!!!], or
economical, comfortable or convenient.
For many houseowners, that's fine. The thought of a house smart enough
to take matters into its own hands is absurd - even threatening. Who's
to say it wouldn't fire up the oven after midnight just on a lark?
But new houses are improving their IQs. After many years of futuristic
talk without much follow-through, builders are beginning to install automated
systems that act like all-knowing butlers. Not surprisingly, the systems
are most popular in expensive houses, where budgets are big and rooms so
numerous that even turning off lights at bedtime can be burdensome. [...]
"When my 3-year-old boy comes out of his room at night, a motion detector
turns on the hallway light for him," says Robert Pomeranz, a banking executive
who lives in a new 7,500-square-foot house outside Washington. "Obviously,
it's not worth buying an integrated control system for small things like
that, but it's amazing how useful the system can be as you become comfortable
with it."
Like humans, the systems aren't perfect. A light may turn on for no
apparent reason or a front door may refuse to open for it's master.
[That sounds nice in an emergency...]
"The houses we're building today have interiors right out of the space
age, even though their exterior appearances are traditional," said Kenneth
Nadler, an architect in Mount Kisco, NY, who designs expensive houses.
"It's Jetson on the inside and Gatsby on the outside."
For a homeowner eager to outdo even George Jetson, the futuristic TV cartoon
character, there's a $26,000 whirlpool that accepts calls - say, from a
car phone - to start water running at bath-perfect temperature. Too expensive?
For less than $1,500, there's a fireplace with a gas flame adjustable from
glowing to roaring by infrared remote control.
[Could Audi 5000's order up a bath by themselves? :-) ]
But even aficionados have their limits.
"I'm afraid of those things," said Joel Sommer, a Maryland builder who
infuses his multi-million-dollar houses with high technology. "What whould
happen if the whirlpool didn't shut off automatically or gas started flowing
in the fireplace without an ignition spark? I just don't see the benefit
of some products."
Certainly, automated devices built into houses today do not always make
practical sense. It is a situation reminiscent of the home-computer craze
in the early 1980's, when companies promoted computers for such uses as
storing recipes, even though ingredients that only soil a cookbook page
might easily destroy a kitchen keyboard. Today home computers are common,
but not for recipes or checkbook balancing or other uses suggested by early
promoters.
"In similar fashion, I'm sure we'll find a great many applications for
home automation that people haven't thought of yet or haven't predicted
to be big winners," said Roger Dooley, editor of Electronic Home, a trade
magazine published in Mishawka, Ind. "And what's being touted today as
big benefits may end up being used by only a few homeowners." [...]
"I live alone in a 10,000-square-foot house with only my housekeeper,
so I need to feel really secure, and what I've installed is state-of-the-art,"
said [... someone who has such a system. She also ...] has a sensor in each
room to control the temperature, and only once have things gone awry. "During
a storm with heavy lightning the sensor in the living room got stuck at 95
degrees," she said. "So the air-conditioning system kept trying to cool the
room. It felt like a meat locker." [...]
Beyond that, there's the gee-whiz appeal, like a synthesized voice in the
kitchen that anounces when a letter carrier has delivered the mail. [...] "You
don't have to install an integrated control system," said Mr. Sommer, the
developer, who is completing an 11,000-square-foot house with such a system. "I
happen to enjoy them because my background is in computer science. But really,
they're toys."
[discussion of business aspects of marketing these systems...]
One futuristic idea now becoming more practical is voice control. Already,
voice-recognition devices that allow a computer to understand a vocabulary of
about 75 words are available for less than $500. As those devices become more
powerful and less expensive, they will be an option for controlling home
automation.
"You'll be able to just walk up and talk to it," explained David MacFadyen,
an industry expert. "When you say, 'Good night, house,' the temperature
controls will be set back in unoccupied areas, the hot-water heater will be set
back, the phone will go on voice-mail. Just a couple of words will trigger an
evening shutdown sequence that is far more elaborate than anything we can think
of now.
["Good night, RISKS" ...
--> EXIT, SEND, QUIT, LOGOUT]
Jake Livni
A documentary on UK's Channel 4, 13 Aug 1989, was about traffic problems, especially congestion in cities. After concluding that there was no obvious and fair solution, the programme suggested that the best hope lay in more automation in cars. What's more, the programme implied that machines driving cars would be feasible in the medium term (next decade or two). For instance, shots were shown of a human driven automobile in which experimenters were recording data about close vehicles, etc. Apparently, and I paraphrase the commentator, although the researchers were only recording data, there's no reason in principle why the information should not be fed into control computers. The clear implication was that this would be much safer than letting humans drive. Also, with automatically or semi-automatically driven, it would be possible for my vehicle to refuse to let me drive into a city centre if the centre was too busy. The risks are obvious and horrific, but what is even more depressing is that experts in other fields just do not see the risks, and that TV researchers do not even think to ask anybody who might know about these risks. Ian Gent, University of Warwick, Coventry, UK
Quoted from The Dominion, Monday August 14 : A computer virus call marijuana has wreaked havoc in the Australian Defence Department and New Zealand is getting the blame. Data in a sensitive security area in Canberra was destroyed and when officers tried to use their terminals a message appeared : "Your PC is stoned - Legalise marijuana". Viruses are [guff on viruses] The New Zealand spawned marijunana has managed to spread itself widely throughout the region. Its presence in Australia has been known for the past two months. The problem was highlighted two weeks ago when a Mellbourne man was charged with computer trespass and attempted criminal damage for allegedly loading it into a computer at the Swinbourne Institute of Technology. The virus invaded the Defence Department earlier this month - hitting a security division repsonsible for the prevention of computer viruses. A director in the information systems division, Geoff Walker said an investigation was under way and the infection was possibly an embarrassing accident arising from virus prevention activities. New personal computers installed in the section gobbled data from their hard disk, then disabled them. Initially it was believed the virus was intoduced by a subcontractor installing the new computer system but that possibility has been ruled out. One more outlandish theory suggested New Zealnd, piqued at its exclusion from Kangaroo 89 military exercises under way in northern Australia, was showing its ability to infiltrate the Canberra citadel. New Zealand was not invited to take part in Kangaroo because of United States' policy of not taking part in exercises with New Zealand forces since Labour's antinuclear legislation. However, New Zealand observers were invited. New Zealand Defence Department spokesmand Lieutenant Colonel Peter Fry categorically denied the claim. "It would be totally irresponsible to do this kind of thing." In fact, New Zealand's Defence Department already had problems with the virus, he said.
If most large-system sites have user-installed trapdoors... If techies and technical management install these trapdoors to evade the access control tables because they are convinced these subsystems are 1) too often mismanaged, 2) too easily corrupted, 3) too cumbersome in an emergency, or 4) too prone to technical failure... Then — so long as this huge community of unbelievers remains unwilling to submit to the control of the access control system — we _will_ have users installing trapdoors for an alternative path to high-priviledged status, despite the obvious risks. If 15 years of unrelenting propaganda by the vendors and gurus have left the users so unwilling to follow the prescribed path of righteousness, maybe someone other than the users should reconsider. As it is, user-installed trapdoors are almost universal on big systems, but because they are illicit, "secret," they are seldom protected by anything more than their obscurity. What is so wrong about giving the users a safe model for what they demand — a route around the access control system — when just they take it anyway, security be damned? Who is being more unrealistic: the system programmers who code these traps, or the security specialists who ignore the fact that virtually all systems have trapdoors? Aren't we talking about trusting people who are already virtually all-powerful in their environment? Why can't we use an alternative security device to secure this alternative access path? Encryption seems a likely padlock. With a mix of synch and asynch crypto, it seems possible to set up a "one-time key" access, supported by user authentication, separation of function, audit trails. Heck, add an audible alarm. Even without the PKE frills, simple encryption can put a lock on what is otherwise an open gate hidden in the thickets. Continuing the masquerade, ignoring the existence of the problem, gets us Nowhere. For twenty years people have been showing me trapdoors into systems. Now, I'm shown or told of trapdoors that open whole networks (recently, one which popped a net of control systems for a major phone company, installed by management.) Now, I chat with hackers who give tutorials on how to locate user-installed trapdoors. One "specialist" recently told me that it seldom takes him more than 20 minutes to identify such a trapdoor in a typical corporate MVS system. The auditors are not the only ones, nor likely the most challenging foe, these users have to outsmart. Vin McLellan The Privacy Guild (voice/fax: 617-426-2487) Boston, Ma. 02111
From wire service stories in the 'Los Angeles Times' August 3 and 4, 1989: Computer problems frustrated a record opening-day crowd at New York's Saratoga Race Track on Wednesday, and track officials said Thursday's card might be canceled if the problem was not fixed by Thursday morning. Bettors were kept in the dark about the odds, payoffs, and even the time of day. "There's some sort of gremlin running around that software, and we can't find it," said Gerard McKeon, president of the New York Racing Assn on Wednesday. ... The computer problem extended Wendesday's nine-race card by an hour and cost NYRA about $1.5 million in handle, McKeon said. Pari-mutuel machines and the track's tote boards were also affected by the problem. Technicians worked through the night to replace the software, and things were apparently back to normal on Thursday.
Here's a first-hand account of an item for RISKS, since I was there on
Wednesday.
August 3, 1989, Latham, NY
Yesterday was opening day for thoroughbred racing at the Saratoga Race
Course in Saratoga Springs, New York.
It was a computer disaster.
The beginning of the 122nd season was ruined by computer problems which
forestalled the placement of wagers for Races 5 through 9 of the 9-race
program. The New York Racing Association, which operates Saratoga and
the other racing facilities in New York, is estimating a loss of $1.5
million in on-track, and $2 million in off-track handle. The loss in
good will is not measurable--parimutuel systems are dependent on their
accuracy and reliability for continued patronage--chances are most fans
will be forgiving and come back. Provided, that is, that the system
gets straightened out.
This is by no means certain. Racing officials announced yesterday that
they had no idea what had caused the computer system to crash, and for
fans to listen for a 9 AM announcement this morning before heading for
the track. This morning, NYRA announced that they intend to offer
wagering today, that they believe they have found the software problem
and corrected it, and that they are "80%" sure the system will work
correctly once betting begins today.
Like most tracks, betting information is displayed both on Tote Boards
(light-bulb displays) and on computer-generated video screens. Both
types of displays were affected by the problem(s)--at one point, I
observed that odds displayed on the two types differed. (Presumably
one was being updated from the computer, and the other not. However,
regardless of which was correct, some fans were being provided with
inaccurate information.)
Though the displays worked on and off from the 5th race on, the betting
machines did not function at all. The machines are of two
types--terminals which are located at the regular betting windows, and
which are operated by track employees; and so-called "SAMs", which
employ touchie-feelie screens so that bettors can place their own
wagers. The self-service machines allow a bettor to insert a
winning ticket or a cash voucher. Under ordinary circumstances, the
value of the ticket or voucher is read and then displayed on the
screen. At the beginning of the computer outage, machines were
displaying incorrect values for tickets, or simply eating tickets or
vouchers. Bettors who had encountered problems at the betting windows
at least had a human clerk to complain to--those using the SAMs had to
stand around wondering what to do.
Post times for races were delayed in hopes that the computers could be
made to operate, but to no avail. The final race took place nearly an
hour later than usual--and only those few who had made advance wagers
early in the day had any money riding.
Because the system handles both bets and payoffs, automated calculation of
prices for winning horses was also pretty much incapacitated. People holding
winning tickets (even from previous races) were not able to cash them.
Technicians worked overnight, having flown up from Autotote in
Delaware, and apparently fixed some software problems, but officials
still are not certain of what happened exactly.
Today, Thursday, the system seemed to operate properly. The normal $2
admission fee was waived, as a gesture to yesterday's disappointed
fans. However, given that officials were uncertain this morning that
it would hold up, the system's performance may have been more luck than
anything else.
Other than having diagnosed the problem as a software, rather than a hardware,
one, officials are offering no explanation as to what the problem was.
However, as an outsider, one could focus on the following factors:
When the season at Saratoga starts each year, most of the equipment
used is moved up from Belmont Park, near New York City. The move,
which includes starting gates, etc., as well as the computers,
betting machines, and TV monitors, takes place in the timespan from
the last race at Belmont on Monday to the first race at Saratoga on
Wednesday. Assuming that no hardware damage occurred in transit,
this allows very little time for testing, since some of those 30-40
hours are taken up by travel time and installation.
Though officials say that software changes are made nearly every
week, a number of changes--some in effect only for the Saratoga
meet--were made in the betting rules. For example, Triple betting
is now offered in the 8th as well as the 9th race; the number of
horses required to be entered in races offering certain exotic
wagers was lowered; and for two racing days only, when important
stakes races are run, exacta wagering will be allowed for all
races, regardless of the number of horses entered.
My guess is that more--and more sophisticated--software changes were made than
normally, and that, with limited time to test a system which was asked to
handle wagers from 30,000 people yesterday, some bug went undetected until
triggered yesterday.
It will be interesting to find out what backup setup NYRA utilizes.
Officials mentioned today that, if the system broke down today, that
hopefully their backup systems would not fail, so that they could
determine what went wrong. This leads me to believe that there was a
secondary failure of some type yesterday, such that the planned backup
process did not work.
During the present slow-down in RISKS, I was particularly happy when, this evening, my netnews reader presented me with an `unread' RISKS digest. It was not until I was half way through it that I realized it was one I had already seen. In fact it was RISKS 8.81 from 17 June 1989. Was this a local phenomenon, or has the Network, not wishing to RISK lower ratings, started airing Summer Reruns? Just curious, Daniel F. Fisher, Morgan Stanley & Co. Inc.
Here's the Path: on the copy of RISKS 8.81 that just arrived! Path: jumbo!decwrl!purdue!mailrus!csd4.milw.wisc.edu!leah!rpi!batcomputer !cornell!rochester!rit!tropix!moscom!ur-valhalla!uhura.cc.rochester.edu !sunybcs!rutgers!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!KL.SRI.COM!RISKS
Please report problems with the web pages to the maintainer