To: RISKS-LIST:;@csl.sri.com CC: Subj: RISKS DIGEST 13.80 RISKS-LIST: RISKS-FORUM Digest Weds 16 September 1992 Volume 13 : Issue 80 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Arrest Warrants (Joseph Nathan Hall) Stop the presses, call the police! (Frans Heeman) A Financial risk avoided (Rob Horn) From the Jury Room - Alcohol breath analyzer (Jim Haynes) Automatic DUI (Driving Under the Influence) (Jane Beckman) Re: update: Barclay voice mail insecurity (Flint Pellett) Re: "Sneakers" -- A Topical Movie Review (Mark Brader, James Zuchelli) Greening of Computers (Mark J. Crosbie) Michigan Awarded Funds to Improve Criminal History Records (Nigel Allen) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Sat, 12 Sep 92 13:57:25 EDT From: joseph@joebloe.maple-shade.nj.us (Joseph Nathan Hall) Subject: Arrest Warrants The son of a former employer of mine was met at the door one Saturday morning by two local police officers, who presented him with a felony arrest warrant and took him off to jail. The charges involved were something like passing bad commercial paper and perhaps interstate flight. I gather that he was a little surprised. It turned out that he had left some money in a checking account in a bank in another state (Missouri, I think) before moving to his new residence. After a while, the service charges ate up the funds in the account and the last charge "bounced." The bank treated it as a bad check. They looked for him for a while, and then, since bad paper in the state in question is a felony, regardless of the amount, they passed the info to the local authorities and an arrest warrant resulted. (I wonder whether there was any human intervention up to the point where the judge issued the warrant.) Apparently there is a pretty good interstate commerce in arrest warrants, and somehow the out-of-state warrant wound up at the local police station, along with the "suspect's" current address. Most stations keep a pile of warrants that need to be served handy for slow times--like Saturday morning. It could happen to YOU! Disclaimer: This story was related to me a few years ago by a former employer. I believe that the facts as I have stated them are essentially correct, though the details are no longer clear in my memory. uunet!joebloe!joseph (609) 273-8200 day joseph%joebloe@uunet.uu.net 2102 Ryan's Run East, Rt. 38 & 41, Maple Shade NJ 08052 ------------------------------ Date: Sun, 13 Sep 92 22:00:43 -0700 From: haynes@cats.UCSC.EDU (Jim Haynes) Subject: From the Jury Room - Alcohol breath analyzer I was on a jury last week (trial now over so I can talk about it) and part of the case involved a breath alcohol machine. We were not shown the machine but it was described by expert witnesses and we saw its output. The machine in question is microprocessor controlled and displays two digits of output - any other significance is truncated. To use it the officer first puts a blank card into a slot and types in the suspect's name and date and time and the like. The machine prints all this on the card along with the test results. The test consists of an air purge, when the machine checks itself for a zero reading; then the suspect blows; then another air purge and zero check; then another blow; then a final air purge and zero check and all these results are printed on the card. During the blowing a tone sounds to signal that the suspect is blowing hard enough. Whatever it is the machine measures, it takes a measurement every 0.6 seconds and waits for three of these to be the same before treating that as a reading. Hence as the alcohol concentration in the blow increases the machine is supposed to wait for a plateau and record the plateau value. The machine is supposed to measure and subtract something else to eliminate the effects of substances such as acetone that were known to throw off earlier model machines. Supposedly the calibration of the machine is fixed at manufacture; but the calibration is verified about once a week by the forensic lab which takes care of it. There is an alcohol-water solution in a breath simulator attached to the machine. The lab dials up using a modem and commands the machine to verify its calibration. The machine measures the simulated breath and sends the measurement and its identification back to the lab, where the information is kept in their computer and can produce a printed report as needed. The test solution is supposed to make the machine read 0.14% +/- 0.01%. For the machine in question there was a verification a few days before the crucial test, and another one a few days later. Both times the machine read 0.15%, which is acceptable. We saw the results of several other verifications and this machine usually read 0.15%, although once or twice in the past it had read 0.13%. On the test in question the machine had read 0.09% . A blood alcohol level of 0.08% makes it illegal to drive a car in California. I convinced myself and the rest of the jury that a blood alcohol level of 0.08% in the defendant was unproven. First, when the machine read 0.15% that could mean anything between 0.1500... and 0.1599... Second, we were not told any more about the test solution than that it should produce a reading of 0.14%. I know chemists can mix up solutions very accurately, and for good science you would want to mix the solution as close to 0.14500.. as possible; but we had to assume the solution could be anywhere between 0.1400... and 0.1499... So we could have a solution at the high end of 0.14 and the machine could be measuring at the low end of 0.15 and it is measuring pretty close. Or we could have a solution at the low end of 0.14 and the machine could be measuring at the high end of 0.15 and it is off by just under 0.02%. If errors are additive offsets then the defendant's blood alcohol could be anywhere between 0.0700... and 0.0899... and that absolutely fails to prove 0.08% or more. I used an analogy at the time that this is like trying to verify the accuracy of a yardstick by comparing it with another yardstick. There's an interesting psychological phenomenon that I observed. There was a lot of testimony by experts about errors and possible errors in the machine. Invariably they and the attorneys would add and subtract 0.01 here and 0.02 there from machine readings as if all the errors are additive offsets. There was never any testimony as to whether the errors in the machine are really offsets or proportional to the reading, or completely nonlinear, or anything else. Nobody ever mentioned an error of so many per-cent, or suggested that multiplication be used. So I conjecture: when people deal with numerical data where there are only two digits they tend to assume that any adjustments to the data are to be made by addition and subtraction. Maybe this phenomenon results from habit dealing with dollars and cents; or maybe it's just that people are lazy and addition is easier than multiplication. Both experts agreed that the readings are affected by the suspect's body temperature. I was surprised that the machine doesn't measure and correct for this, or that the temperature isn't taken and recorded at the time of the test. If we had not been doubtful of guilt from the above accuracy considerations alone we would have had to consider the defense expert's suggestion of various confounding factors, a much more speculative undertaking. He and his colleagues have done experiments and published in the field. They have a few instances in which the subject got a false high reading by blowing very hard. This is not fully understood. He said something about the mucous membranes drying out and releasing extra alcohol. He drew a graph showing that the machine sees a first plateau, at which the reading is good; but then the alcohol level increases and goes to a second higher plateau and the machine takes that as its reading instead of the first. They have also found the machine will read too high if the suspect is still absorbing ingested alcohol, which can happen for example if the alcohol was taken with food. He didn't offer an explanation for this, but only evidence that it can happen. There are formulas to predict blood alcohol level based on the amount of alcohol ingested and the weight of the subject and other factors. Our defendant admitted to drinking only one pint of stout with food about 2 hours before the arrest. Both experts calculated this was not enough alcohol to get anywhere near 0.08% blood alcohol. It was maybe barely enough to get the machine to read 0.09% with all of the confounding factors such as temperature and blowing hard and the absorptive-phase phenomenon. Maybe she drank more than she admitted; maybe the machine really is that lousy inaccurate; maybe there are other unconsidered factors leading to errors; we didn't have to go into that. Advice to drivers would seem to be: if you are arrested for DUI and believe you are innocent then don't choose the breath test - it's not very accurate. If you think you might barely be guilty then choose the breath test and fight it in court. ------------------------------ Date: Mon, 14 Sep 92 17:50:55 PDT From: jane@stratus.swdc.stratus.com (Jane Beckman) Subject: Automatic DUI (Driving Under the Influence) A friend's husband just recently got a shock. A notice showed up in the mail that his driver's license was suspended. He called up the California Department of Motor Vehicles (DMV) to find out what was going on. He had recently been involved in a dispute involving his auto, so he suspected it might have something to do with that. Well, they asked him, didn't you recently plead guilty to a charge of Reckless Driving? Yes, he said. Well, that explains it. Wait a minute, he said, explains what? He said it was his understanding that Reckless Driving was not something they normally pulled your license for, or he would have fought it. Oh no, they said, that was for the liquor. You have a DUI (Driving Under the Influence). WHAT? he asked. Your Reckless Driving in connection with DUI. At this point, he knew he had a problem since there was no alcohol involved. He explained to the woman that the Reckless Driving charge was a plea bargain. He had been stopped and threatened by a juvenile gang who had blocked his car. He had stepped on the gas and hit one of them in trying to get out of there. He was charged with Battery and Assault With a Deadly Weapon (his car) by the gang member, who pressed charges. His lawyer had advised him that fighting the charge, despite circumstances, would be a long and costly battle, especially since where juveniles were involved, it was possible that the jury would find against him. They plea-bargained to a lesser charge of Reckless Driving, and he was fined $250 and sentenced to do 60 hours of community service work (which he was doing, anyway). Fine up until that point. The woman at the DMV insisted that there was a DUI on the record. He explained all of the above, and she asked where the liquor came into it. He explained that there was *never* any liquor involved. Finally, he went down to the office and hassled with the officials there, and the court records were pulled. Surprise, no DUI! It was entered into the system again, and bingo, a DUI came up. I suspect that regular RISKS readers already suspect what the problem was. The system programming on traffic offenses was set up so that a count of Reckless Driving *automatically* entered in a paired count of Driving Under the Influence. The programmer had made the assumption that the two counts were so intimately connected that you would almost *never* have one without the other. To enter a count of Reckless Driving without a DUI, you had to manually override it, and the data-entry clerk was not instructed on this peculiarity, nor was there any flag that Reckless Driving was paired with DUI. And a "guilty" on that count was paired to an automatic license suspension. The problem of overriding the DUI was finally resolved, but it took several days and a lot of arguing hyperventilating on his part. I would suspect that his is not the first, nor the last, case where this "automatic conviction" came up. Jane Beckman [jane@swdc.stratus.com]