[risks] Risks Digest 22.67

From: RISKS List Owner (riskoat_private)
Date: Fri Apr 04 2003 - 11:24:11 PST

    RISKS-LIST: Risks-Forum Digest  Friday 4 April 2003  Volume 22 : Issue 67
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at
      http://catless.ncl.ac.uk/Risks/22.67.html
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Rice cooker reprograms pacemaker? (Mark Batten-Carew)
    eBay reacts to charges against its Paypal operation (NewsScan)
    Pennsylvania won't identify sites blocked for child porn (Ted Bridis via
      Monty Solomon)
    The Googlewashing of our language (Alpha Lau)
    Is your television watching you? (Phillip Swann via Monty Solomon)
    Website hoax on killer virus triggers Hong Kong panic (Monty Solomon)
    Ellison predicts major shakeout in Silicon Valley (NewsScan)
    Music piracy violations: $150K a song (NewsScan)
    Streaming video: a patent on porn (Monty Solomon)
    Laws make crypto and untraceable E-mail illegal? (Douglas W. Jones)
    The reality behind these laws (Fred Cohen)
    State Super-DCMAs will be suicidal (David Harmon)
    Draft legislation on using crypto (Anick Jesdanun via Dave Farber to PGN)
    Re: Draft legislation on using crypto (David P. Reed)
    Patriot software again a concern? (Robert I. Eachus)
    Friendly Fire and the Perils of Statistical Reasoning (Thomas A. Russ)
    Re: Friendly fire (Anthony Youngman)
    NCIC: "Death by Oops?" (Lauren Weinstein)
    POW Social Security numbers revealed (Paul Hirose)
    Cell phones & 911 service (Jeremy Epstein)
    Possibly-wrong expectations about bouncing e-mail (Mark T.B. Carroll)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Tue, 1 Apr 2003 12:56:24 -0500
    From: "Mark Batten-Carew" <markbcat_private>
    Subject: Rice cooker reprograms pacemaker?
    
    This is an excerpt from a monthly newsletter that sends out interesting
    news items.  I don't believe this is an April Fools' item, but then who
    knows?  Mark Batten-Carew
    
      HEARTBREAKING
      A Japanese woman's automatic rice cooker changed the settings on her
      pacemaker. Doctors doing a routine check up were baffled to find that the
      hi tech pumping device they had implanted in the woman, 60, had been
      remotely adjusted. They contacted the manufacturer, who visited her home
      and found that a rogue rice cooker had somehow beamed signals to the
      device.  [Source: A&A Economic Digest - April 2003 Edition, 
      http://www.aacb.com/edigest/, 1 April 2003]
    
    [Quite plausible, in light of previous reported cases of electromagnetic
    interference on pacemakers 
    --- from ACM Software Engineering Notes back issues:
    * Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)
    * Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)
    * Pacemaker locked up when being adjusted by doctor (S 11 1)
    * Electrocauterizer disrupts pacemaker (S 20 1:20)
    --- and from RISKS:
    * Stores' shoplifting gates can set off pacemakers, defibrillator (RISKS-20.05)
    * Heart pacemaker and implantable cardioverter defibrillator
      recalls and alerts involve 520,000 devices (S 26 6:8, RISKS-21.60)
    PGN]
    
    ------------------------------
    
    Date: Tue, 01 Apr 2003 10:43:01 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: eBay reacts to charges against its Paypal operation
    
    Federal prosecutors in Maryland have accused PayPal, the Internet payments
    company acquired by eBay, of violating the Patriot Act by facilitating
    illegal gambling.  The company disclosed the accusation in its annual report
    filed with the Securities and Exchange Commission; it says that prosecutors
    have offered a complete settlement of all possible claims and notes that the
    amount of its earnings from online gambling was less than what prosecutors
    asserted.  [AP/*San Jose Mercury News*, 31 Mar 2003; NewsScan Daily, 1 Apr
    2003]
      http://www.siliconvalley.com/mld/siliconvalley/5525363.htm
    
    ------------------------------
    
    Date: Thu, 3 Apr 2003 22:09:01 -0500
    From: Monty Solomon <montyat_private>
    Subject: Pennsylvania won't identify sites blocked for child porn (Ted Bridis)
    
    Mike Fisher, Pennsylvania's attorney general, is citing laws against
    distributing child pornography in refusing to identify any of hundreds of
    Web sites his office has forced Internet providers to block under a unique
    state law that the Center for Democracy and Technology asserts is blocking
    Web surfers from accessing legitimate sites, but cannot prove without access
    to the list of blocked sites.  Fisher's office said disclosing the list of
    blocked Web sites would itself be disseminating such pornography, which is
    illegal.  [Source: Ted Bridis, AP Online, 3 Apr 2003; PGN-ed]
      http://finance.lycos.com/home/news/story.asp?story=33704697
    
    ------------------------------
    
    Date: Thu, 3 Apr 2003 22:06:12 -0800 (PST)
    From: Alpha Lau <avlxyzat_private>
    Subject: The Googlewashing of our language
    
    Taken from Slashdot [1]:
    
    "The Register[2] talks about how a term ("Second Superpower") coined by the
    anti-war culture suddenly got radically neutered and altered by a weblog[2]
    that a lot of people link to. Searching for the term on Google now brings up
    his blog and other people talking about his blog for the first several
    entries. Can Google's power to give information to the people be misused and
    perverted? This only took 42 days." First the widespread usage of "googling"
    to mean web searching, and now this.
    
    The Register article [2] has the details and how powerful Google can be.
    
    [3] is the weblog that managed to saturate Google's PageRank.
    
    I had a quick peek on AltaVista and voila, numerous other usages of the term
    "Second Superpower" [4].
    
    
    The Risk? Blindly trusting Google and its proprietary PageRank algorithm.
    
    Worse yet, as Google gains users' trust, it is very easy to trust Google alone.
    
    [1] http://slashdot.org/article.pl?sid=03/04/03/2327239&mode=nested&tid=95
    [2] http://www.theregister.co.uk/content/6/30087.html
    [3] http://cyber.law.harvard.edu/people/jmoore/secondsuperpower.html
    [4] http://www.altavista.com/web/results
        ?q=Second+Superpower&kgs=0&kls=1&avkw=xytx
    
    ------------------------------
    
    Date: Tue, 1 Apr 2003 14:35:48 -0500
    From: Monty Solomon <montyat_private>
    Subject: Is your television watching you? (Phillip Swann)
    
      Could the federal government find out what you're watching on TV?  Even if
      you're not the subject of a criminal investigation?  If you're a satellite
      TV or TiVo owner, the answer is yes, according to legal experts and
      industry officials.
    
      Under the USA Patriot Act, passed a month after the 9/11 terrorist attack,
      the feds can force a noncable TV operator to disclose every show you have
      watched. The government just has to say that the request is related to a
      terrorism investigation, said Jay Stanley, a technology expert for the
      American Civil Liberties Union.
    
      Under Section 215 of the Act, you don't even have to be the target of the
      investigation. Plus, your TV provider is prohibited from informing you
      that the feds have requested your personal information.  ...
    
      Source: Phillip Swann, TVWeek.com
      http://www.tvweek.com/technology/030303isyourtv.html
    
    ------------------------------
    
    Date: Tue, 1 Apr 2003 09:42:02 -0500
    From: Monty Solomon <montyat_private>
    Subject: Website hoax on killer virus triggers Hong Kong panic
     
    [Source: Tan Ee Lyn, Reuters, 1 Apr 2003; PGN-ed]
     
    A teenager's Web Site hoax about the killer virus sweeping Hong Kong sparked
    panic food buying and hit financial markets on Tuesday, and the government
    said it was placing more than 200 people into isolation camps.
    
    Indonesia, the world's fourth most populous nation, reported its
    first three suspected cases. One official said one of the patients
    had died but this could not be confirmed.
    
    Severe Acute Respiratory Syndrome (SARS) has now affected almost
    1,900 people in at least 12 countries, and 63 are known to have
    died.
    
    In Hong Kong, where 685 people have been infected and 16 have died
    from the virus, the Web Site hoax forced authorities to deny it
    would isolate the entire territory.  ...
     
    http://news.lycos.com/news/story.asp?section=Breaking&storyId=691262
    
    ------------------------------
    
    Date: Wed, 02 Apr 2003 07:49:12 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Ellison predicts major shakeout in Silicon Valley
    
    Oracle founder and CEO Larry Ellison says the high-tech industry is poised 
    for another sweeping consolidation that will eliminate many of his rivals. 
    "We think there's at least 1,000 Silicon Valley companies that need to go 
    bankrupt," says Ellison, who predicted Oracle would be one of the 
    survivors, along with Microsoft and IBM. He noted that nearly all software 
    profits are generated by five companies (including Oracle), out of hundreds 
    in the sector. Ellison says companies in Silicon Valley haven't come to 
    grips with the realities of a maturing industry and have resisted the 
    changes necessary to improve efficiency: "The whole model doesn't make 
    sense. There's a bizarre belief that we'll be young forever."  [*Wall Street 
    Journal*, 1 Apr 2003; NewsScan Daily, 2 April 2003]
      http://online.wsj.com/article/0,,SB104923666370767900.djm,00.html 
      (subscription required)
    
    ------------------------------
    
    Date: Fri, 04 Apr 2003 09:07:26 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Music piracy violations: $150K a song
    
    The Recording Industry Association of America (RIAA) has filed lawsuits
    against four students it says misappropriated academic computing
    resources to "illegally distribute millions of copyrighted works over the
    Internet." Two of the accused students are enrolled at Rensselaer
    Polytechnic Institute, one student is enrolled at Princeton, and the fourth
    is at Michigan Technological University. If they are convicted, they could
    be fined as much as $150,000 for each song they illegally traded. Digital
    media analyst Phil Leigh says of the RIAA's action: "This is just another
    step in the direction of demonstrating to the public that there will be
    penalties for what they consider to be copyright violations. I think they're
    attempting to take a carrot-and-stick approach here. They're whacking a few
    people with a stick now. And the carrot is the more liberal rules relating
    to label-backed subscription online services."  [*San Jose Mercury News*, 
    4 Apr 2003; NewsScan Daily, 4 Apr 2003]
      http://www.siliconvalley.com/mld/siliconvalley/5558442.htm
    
    ------------------------------
    
    Date: Wed, 2 Apr 2003 10:07:00 -0500
    From: Monty Solomon <montyat_private>
    Subject: Streaming video: a patent on porn
    
    Acacia Research says it owns five U.S. and 17 international patents covering
    the transmission and receipt of digital audio and digital video content,
    otherwise known as streaming media.  But before attempting to enforce its
    patents with big outfits such as Yahoo! and The Walt Disney Co., Acacia
    instead chose to go after the smallish adult Internet sites that peddle
    videos of women (and men) doffing their clothes--and much more.  They sent
    letters to 700 racy Web sites with offers to arrange royalty deals,
    typically consisting of 1% to 2% of gross revenue.  Do the deal or we'll see
    you in court, warned Acacia.  Eight firms agreed to Acacia's terms.  But 40
    didn't, and Acacia promptly slapped them with lawsuits.  Rather than
    buckling, though, several of the porno sites joined together and stood their
    ground.  Now Acacia is in the fight of its life and may even face a
    shareholder revolt as a result.  ...  [Source: Seth Lubove, Forbes.com, 
    2 Apr 2003; PGN-ed]
      http://www.forbes.com/2003/04/02/cz_sl_0402porn.html
    
    ------------------------------
    
    Date: Mon, 31 Mar 2003 13:45:24 -0600
    From: "Douglas W. Jones" <jonesat_private>
    Subject: Laws make crypto and untraceable E-mail illegal? (Re: RISKS-22.66)
    
      [See items by Ed Felten (Use a Firewall, Go to Jail), Steve Bellovin
      and William Allen Simpson in RISKS-22.66.  PGN]
    
    [Some of this legislation] could have bizarre consequences for E-voting
    advocates, as well as for the entire Internet community.
    
    I quote from Section 750.540c of the Michigan Penal Code,
    Full text online at:
    
    http://www.michiganlegislature.org/mileg.asp?page=getObject&objName=mcl-750-540c-amended
    
    This goes into effect today (March 31, 2003):
    
      (1) A person shall not assemble, develop, manufacture, possess, deliver,
      offer to deliver, or advertise an unlawful telecommunications access
      device or assemble, develop, manufacture, possess, deliver, offer to
      deliver, or advertise a telecommunications device intending to use those
      devices or to allow the devices to be used to do any of the following or
      knowing or having reason to know that the devices are intended to be used
      to do any of the following:
    
      (b) Conceal the existence or place of origin or destination of any
      telecommunications service.
    
      (c) To receive, disrupt, decrypt, transmit, retransmit, acquire,
      intercept, or facilitate the receipt, disruption, decryption,
      transmission, retransmission, acquisition, or interception of any
      telecommunications service without the express authority or actual consent
      of the telecommunications service provider.
    
    In effect, item 1b makes it illegal to create any anonymous communication
    service, and all of the interesting protocols for ballot deposit appear to
    rely on anonymization schemes of one kind or another.
    
    Item 1c is really hard to make out.  It appears to be intended as an
    anti-wiretapping rule, but the plain wording appears to require the express
    authority or actual consent of every ISP for any use of that ISP's
    facilities; does this mean that if I was in Michigan, I'd have to ask
    permission before I hit the send key to E-mail this message?  I checked
    their definition of telecommunications service provider and it is broad.
    The owner of the wire, the owner of the switching systems, they're all
    involved and each must give permission.
    
    According to slashdot, a goodly number of states are now considering this
    kind of law.  See:
      http://yro.slashdot.org/article.pl?sid=03/03/28/1541230&tid=103
    It's pretty obvious that they haven't thought these bills through.
    
    ------------------------------
    
    Date: Tue, 1 Apr 2003 05:29:07 -0800 (PST)
    From: Fred Cohen <fcat_private>
    Subject: The reality behind these laws (Re: Firewall, Jail, RISKS-22.66)
    
    As I read the Texas bill, it starts out by saying:
      http://www.capitol.state.tx.us/data/docmodel/78r/billtext/pdf/HB02121I.PDF
    
      "A person commits an offense if, with the intent to defraud a communications
      service..."
    
    The Michigan bill starts out saying:
      http://www.michiganlegislature.org/printDocument.asp
        ?objName=mcl-750-219a-amended&version=txt
      http://www.michiganlegislature.org/printDocument.asp
        ?objName=mcl-750-540c-amended&version=txt
    
      "(1) A person shall not knowingly obtain or attempt to obtain
           telecommunications service with intent to avoid, attempt to avoid, or
           cause another person to avoid or attempt to avoid any lawful charge
           for that telecommunications service by using any of the following:"
    
    > The Bill analysis basically quotes the MPAA website!
    > http://michiganlegislature.org/documents/2001-2002/
    >   billanalysis/house/htm/2001-HLA-6079-b.htm
    
    This analysis agrees with mine: that these bills increase penalties only
    for already illegal actions and possibly criminalize what would currently be
    some civil matters.  If you are paying for one class of service (e.g., home
    use of the Internet for one computer) and using it for another class of
    services (e.g., selling access to your neighborhood by putting up a NAT
    firewall), you are already violating the law and you will also be violating
    these laws.
    
    I know that this was the April 1 issue, but the rumors on these bills are
    spreading faster than most computer viruses, and they have been spreading
    for several days with increasing intensity and are being taken seriously.
    Nothing in these bills in any way prevents firewalling, encryption, etc.
    UNLESS it is being used to defraud.
    
    Fred Cohen - http://all.net/ - fcat_private - fcat_private - tel/fax 925-454-0171
    Fred Cohen & Associates	- University of New Haven - Security Posture
    
      [defraud ... in the eyes of the accuser!  PGN]
    
    ------------------------------
    
    Date: Tue, 01 Apr 2003 11:23:41 -0500
    From: David Harmon <dmhat_private>
    Subject: State Super-DCMAs will be suicidal (Re: RISKS-22.66)
    
    I suspect at least the Michigan state legislature may reconsider -- after
    their tech industries pick up and *leave*.  The first to go will be the ones
    actually working on the criminalized tools etc.  These will be followed by
    those whose lawyers were paying attention.  The third wave will be triggered
    as both government and private actors start (ab)using the new laws for
    arbitrary "takedowns" of their enemies.  Of course, quickly repealing or
    nullifying the laws *may* stop the exodus, but I expect the state will still
    be regretting this bonehead move for some time, as will any other states who
    follow suit.
    
    I do, however, doubt Massachusetts will actually *pass* any such law, 
    given the assured and powerful opposition of MIT and their *many* 
    friends.  I would hope that whoever introduced it gets stomped at their 
    next election, but that may be too much to ask.  On the other hand, some 
    of the other states in question may not have techies with enough pull to 
    make their voice heard.
    
    Of course, a fair number of the companies and persons involved will 
    decide to leave the country altogether, leaving us with fewer national 
    resources for defense *or* productivity.  Steve Kirsch was right:
    
     > The terrorists have won. They have successfully convinced America to
     > attack itself.
    
    (from: http://www.skirsch.com/politics/iraq/Lessons911.htm )
    
    	Dave H.
    
    PS:  The basic pattern I'm seeing here is that private self-defense "in 
    cyberspace" is being methodically outlawed.  Has anyone *else* noticed 
    that "we" are slowly dismantling the various obstacles to a _Handmaid's_ 
    _Tale_ style techno-coup?
    
    ------------------------------
    
    Date: Mon, 31 Mar 2003 16:11:25 -0500
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Draft legislation on using crypto
    
    Cheating on income taxes or neglecting to pay sales taxes on online
    purchases could get you five extra years in prison if the government
    succeeds in restricting data-scrambling technology, and could discourage human
    rights workers from protecting sensitive data.  Draft legislation circulating in
    the Justice Department would extend prison sentences for using encryption in
    the commission of a crime, something encryption advocates fear would achieve
    little in catching terrorists and hurt only legitimate uses of cryptography.
    The new proposal is part of the proposed Patriot II legislation.  [Source:
    Anick Jesdanun, *The Washington Post*, 31 Mar 2003; PGN-ed via Dave Farber]
    
      [The full item is available on Dave's IP Archives:
        http://www.interesting-people.org/archives/interesting-people/
      PGN]
    
    ------------------------------
    
    Date: Mon, 31 Mar 2003 21:21:10 -0500
    From: "David P. Reed" <dpreedat_private>
    Subject: Re: Draft legislation on using crypto (RISKS-22.67)
    
    If they declare that encryptions are arms, perhaps we should point out the
    Second Amendment (favorite of the National Rifle Association) guarantees the
    right to keep and bear arms.  [via Dave Farber's IP]
    
    ------------------------------
    
    Date: Mon, 31 Mar 2003 19:53:22 -0500
    From: "Robert I. Eachus" <rieachusat_private>
    Subject: Patriot software again a concern?
    
    The two Patriot "failures" in have different -- and understandable --
    modalities.  Whether these incidents were indicative of a problem with the
    system has to be determined.  The first thing you have to understand is that
    once a missile has been fired, if an aircraft flies between the target and
    the Patriot radar on the ground, the missile can acquire the closer aircraft.
    The Patriot operator can tell the radar not to track the closer aircraft
    when that plane is showing friendly IFF.  If this happens, the missile
    should reacquire the original target.  Of course, if the missile is close to
    the aircraft, the wrong target may be attacked anyway.
    
    This seems to be what happened in the incident where the British aircraft
    was shot down.  It is not clear whether there really was an enemy
    missile -- or if the incoming was really a mortar shell.
    
    The decision to put IFF recognition in the Patriot ground systems but not in
    the missiles is both a practical design decision and a military one.  If the
    enemy starts broadcasting "your" IFF code do you want the Patriot system to
    be able to override IFF recognition?
    
    In the second incident, the operators were again under attack and apparently
    "unassed" the control trailer.  My guess is that the radar was in TWS (track
    while scan) mode, and the F-15 countermeasures read it as a lock-on -- which
    of course it was.  If the Patriot battery had been manned they could have
    either told the radar not to lock on to the F-15, or turned off the radar so
    that the HARM would have lost lock.
    
    In both cases, note that the situation was a typical one for "friendly fire"
    incidents -- multi-mode attacks that haven't been considered by the rules of
    engagement.
    
    ------------------------------
    
    Date: 31 Mar 2003 15:02:39 -0800
    From: tarat_private (Thomas A. Russ)
    Subject: Friendly Fire and the Perils of Statistical Reasoning
    
    Actually, having it be higher in the first Gulf War is not really that
    astounding, given the general circumstances.  In that war, the overwhelming
    majority of all casualties were inflicted by the Coalition Forces.  Given
    that tremendous disparity, even a very small error rate applied to the
    casualty causation numbers would end up being a very large part of the
    overall casualties.
    
    While good figures for the Iraqis are hard to come by, CNN's web site lists
    the following.  Coalition 213 combat fatalities (plus another 145 nonbattle
    deaths).  Iraqi military fatalities estimated at 100,000.  If the latter is
    true, then having just a 0.1% error rate would explain about 100 friendly
    casualties or about half of all of them...
    
    (CNN did not break down US casualties by cause, although British losses were
    listed as 24, 9 by U.S. fire).
    
    Thomas A. Russ,  USC/Information Sciences Institute          tarat_private    
    
    ------------------------------
    
    Date: Mon, 31 Mar 2003 10:27:41 +0100
    From: Anthony Youngman <Anthony.Youngman@ECA-International.com>
    Subject: Re: Friendly fire (RISKS-22.65)
    
    In the first Gulf War, our (the British) "friendly fire" casualties were
    about FIFTY percent of total casualties.  Nearly all of them were caused by
    a single American "hunter air patrol" which, while OUT of its patrol area,
    and OUT of radio touch (accidental or deliberate?) with its controllers,
    mis-identified two Warrior APCs as Iraqi and destroyed them.
    
    It caused considerable bad press over here, and the impression left was that
    the pilots were fed up with not finding targets, wanted to attack
    something/anything, and had pretty much disobeyed orders in order to find
    something to shoot at. Shame it was a bunch of soldiers on the same side ...
    
    ------------------------------
    
    Date: Wed, 02 Apr 2003 20:34:30 -0800 (PST)
    From: Lauren Weinstein <laurenat_private>
    Subject: NCIC: "Death by Oops?"
    
    The latest "Fact Squad Radio" short audio segment may be of interest.  It
    concerns the issue of data accuracy in the FBI's NCIC system.  It's called:
    
      "The FBI NCIC: Death by Oops?"
    and is available via:
      http://www.factsquad.org/radio
    
    +1 (818) 225-2800 laurenat_private 
    PFIR: People For Internet Responsibility - http://www.pfir.org
    
    ------------------------------
    
    Date: Thu, 03 Apr 2003 00:02:47 GMT
    From: Paul Hirose <x3xpp-c52ye-0401at_private>
    Subject: POW Social Security numbers revealed
    
    The current war in Iraq has highlighted a risky practice the Pentagon has
    been following for many years: using the Social Security number as a
    military member's "service number". Americans taken POW have been seen and
    heard on television identifying themselves as required by the Geneva
    Convention. Naturally this included reciting their SSNs.
    
    In every case I've seen (all on American TV), the interview was edited so
    only the first few digits were revealed. I'm not sure who did this; I hope
    it occurred at the source (presumably Iraqi state television).
    
    The use of SSNs as service numbers was an issue even before the war.  In one
    incident, some senior officers suffered identity theft when their SSNs were
    published in the Congressional Record:
    
    http://www.washingtonpost.com/ac2/wp-dyn/A35194-2000Apr7?language=printer
    
    Foreign readers should understand the SSN is practically an American's
    national identity number, heavily used by the government, employers, banks,
    even schools. Broadcasting a POW's name and SSN worldwide creates a severe
    risk of identity theft and invasion of privacy.
    
    Perhaps when the change to SSNs occurred (in the Vietnam era, according to
    the newspaper article) the danger seemed minimal. But times have
    changed. The Pentagon should revert to service numbers which have no meaning
    or usefulness outside the military.
    
    Paul Hirose <x3xpp-c52ye-0401at_private>
    
    ------------------------------
    
    Date: Wed, 2 Apr 2003 10:54:10 -0500 
    From: Jeremy Epstein <jeremy.epsteinat_private>
    Subject: Cell phones & 911 service
    
    *The Washington Post* reports on a number of cases where calling 911 from a
    cell phone was routed to the wrong jurisdiction, so "response to a
    life-threatening -- and ultimately fatal -- emergency was delayed because a
    cell phone call to 911 didn't work the way it was supposed to".
    
    The examples given were a caller in Chillum MD routed to 911 in Washington
    DC (an immediately adjacent jurisdiction) and the recent case [RISKS-22.58]
    where teenagers in Long Island Sound drowned because 911 wasn't able to
    determine where the call was coming from.  They note that in the Chillum
    case, the problem occurred because "a wireless signal can get picked up by
    the wrong cell phone tower".
    
    In this case, though, the technology isn't at fault, despite what *The Post*
    says.  Radio waves don't respect human boundaries; the cell phone goes to
    the nearest/strongest signal (not sure exactly how this works).  If I stand
    on one side of a street, I can be in a different jurisdiction from the other
    side of the street.  There's no way for the cell tower to know which side of
    the street I'm on, and route the call to the correct 911 location.  The RISK
    is that 911 dispatchers aren't trained to recognize calls from adjacent
    jurisdictions and route them appropriately.
    
    http://www.washingtonpost.com/wp-dyn/articles/A54802-2003Mar30.html
    
    ------------------------------
    
    Date: Fri, 4 Apr 2003 07:50:16 -0500 (EST)
    From: "Mark T.B. Carroll" <Mark.Carrollat_private>
    Subject: Possibly-wrong expectations about bouncing e-mail
    
    I have domain names with short names where all e-mail to anyone at that
    domain comes past me. One thing I find is that people from organisations
    that have a similar domain name to one of mine send their inter-office
    stuff to me as they mistype their own organisation's domain name in the
    intended recipients' addresses. I wonder if they would be more careful
    with internal documents if they realised it is actually not all that
    improbable that e-mail to Some.Odd.Name@wrong-short.domain that doesn't
    look like spam will be read by at least somebody instead of being bounced
    automatically.
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.67
    ************************
    



    This archive was generated by hypermail 2b30 : Fri Apr 04 2003 - 11:56:39 PST