RISKS-LIST: RISKS-FORUM Digest  Tuesday 18 April 1989  Volume 8 : Issue 59

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  More on the British Midlands 737 crash (Robert Dorsett)
  Computers and Food Poisoning [anonymous]
  The dangers of electric seatbelts (was: windows) (Clements)
  Re: The dangers of electric windows (Daniel Klein)
  Newspaper Cartoons and Computer Infallibility (G. McClelland)
  Re: Thoreau and Navigation (David A Honig)
  "Journalist Vigilantes" (Walter Roberson)
  Hazards of RF near electronic controls (Dana Myers)

----------------------------------------------------------------------

Date: Tue, 18 Apr 89 14:47:36 CDT
From: mentat@dewey.cc.utexas.edu (Robert Dorsett)
Subject: More on the British Midlands 737 crash

The following editorial appeared in the 1 April 1989 issue of FLIGHT INTERNATIONAL. It seems to indicate that a bevy of old, controversial issues are bubbling to the forefront again: technical training for pilots, cross-type ratings, cockpit design, EROPS reliability, and computer-assisted information systems.

In the hours that followed the crash of a British Midland Airways Boeing 737-400 on Britain's M1 motorway, the airline industry harbored fears that the accident held terrible significance for the burgeoning business of flying twinjets for long distances over water. Dual engine failure was soon ruled out as a cause of the British Midland crash, but with last week's publication of its special bulletin on the accident, the United Kingdom Air Accidents Investigation Branch has raised new issues with equal significance to extended-range operations (EROPS).

...

What possible significance can the crash of a short-haul airliner on a hop from London to Belfast have to the safety of aircraft crossing and recrossing the world's oceans?
While the AAIB's special bulletin makes no attempt to determine the accident's cause, or to apportion blame, it details a sequence of events which could easily have occurred in mid-ocean, with equally disastrous results. The sequence begins with the failure of a fan blade in the 737's left engine, producing symptoms which the crew wrongly diagnosed as a problem with the right engine. Those symptoms included vibration, plus smoke and the smell of burning carried by the air conditioning in the cockpit.

After examining systems recovered from the crashed aircraft, the AAIB is certain that the cockpit instruments correctly indicated severe vibration in the left engine. Investigators note, however, that pilots distrust aircraft engine vibration indicators, based on experience with earlier electromechanical instruments. Crews seem unaware that electronic indicators on later 737-300's and the 737-400 are more accurate.

Another example of mythology triumphing over knowledge is the apparent perception among 737 crews that cockpit air conditioning comes solely from the right engine, and that smoke and burning smells in the cockpit tend to indicate fire in the right engine. In fact, air supplied to the cockpit comes from both engines, in a 70:30 right:left mix.

Whether either of these misconceptions played a part in the British Midlands crash is not addressed in the AAIB's special bulletin, but FLIGHT understands that accident investigators have become increasingly concerned at the level of technical knowledge expected of airline pilots.

The issue of technical knowledge takes on new significance in a two-crew twinjet flying 1200 nm from the nearest airport. Theoretically, the information systems in modern widebody airliners should provide the crew with everything they need to know, and prompt them to take timely and correct actions to cope with any emergency. This assumes that the crew understands, and trusts, what the system tells them, however.
In mid-ocean, a high degree of mutual man-machine trust is essential. Information supplied to the crew must be trustworthy--and be known to be trustworthy--and knowledge must triumph over crew mythology. That means better technical training for pilots. The alternative for safe EROPS is to reintroduce that much-maligned breed, the flight engineer.

Three months after the M1 crash, the AAIB is still piecing together what happened on Flight BD092, despite having ready access to the crew, the wreckage, and good recorded flight data and cockpit voice. It will be months before the final accident report is published. If an EROPS aircraft goes down in mid-ocean, what the cause might never be discovered" (sic).

------------------------------

Date: Tue, 18 Apr 89 11:07:37 PDT
From: [anonymous]
Subject: Computers and Food Poisoning

A controversy is currently before Congress over a Dept. of Agriculture plan to cut in half (from around 2000 to around 1000) the number of meat plant government inspectors. Part of the rationale for this change (which is being protested by numerous consumer watchdog groups and many meat inspectors themselves) is that a new computer system allows for very precise "targeting" of the plants which are most likely to have problems, thusly (supposedly) allowing for fewer visits to plants the computer considers "safe" based on various parameters (including past history, etc.)

However, in testimony before Congress, current inspectors have (at risk to their own jobs) testified that the computer system being used is not reliable. Reports have indicated that it makes mistakes about even very "simple" data items, including sending inspectors to plants when they are closed. This certainly doesn't raise one's hopes about the more complicated data factors the system must also handle!

One inspector pointed out how the computer forbade him from going to a particular plant because the model deemed that plant "safe".
But based on his own knowledge, he went there anyway, and found serious food poisoning contamination.

Most watchdog groups feel that we need MORE meat inspectors, not less. For the federal government to use questionable computer models as an excuse for slashing meat inspection seems to show extremely poor judgement and a considerable risk.

Anyone for a burger?

   [If you do eat meat, support your friendly natural meat producers. The computer model undoubtedly ignores growth hormones, dyes, antibiotics in the grain feed, etc., even at dangerous levels. By the way, whistleblowers seem to deserve some anonymity, for otherwise the watchdog might get turned into a hotdog. (Bribing the inspector with free drinks might be called `Wetting your Whistleblower'.) PGN]

------------------------------

Date: Tue, 18 Apr 89 15:21:06 -0400
From: clements@BBN.COM
Subject: The dangers of electric seatbelts (was: windows) (RISKS-8.58)

On my last vacation trip, I rented a car with "Automatic Seat Belts". In this particular car, at least, these have a very powerful motor and no manual override once they start moving. I found them really scary. When I commented on them while returning the car, the agent said (paraphrased): "Yeah, they're pretty bad. We had one catch a lady's earring in the belt and it ripped part of her ear off."

------------------------------

Date: Tue, 18 Apr 89 11:16:04 EDT
From: Daniel Klein - 412/268-7791
Subject: Re: The dangers of electric windows [RISKS-8.58]

One nice thing about driving an Alfa Romeo (which has power windows) is that in my 1978 model, a hand crank was provided as a manual override to the power motor (the crank was stored in the glovebox). The newer models don't have this feature since, according to the mechanic, the window motors just never went bad (I'll believe him - my 1987 has had *nothing* go wrong anywhere on the entire vehicle). Of course, in the event of a water landing, I will simply pop the roof and punch out vertically.
And they tell me the Alfa isn't a practical car! :-)

-Dan

------------------------------

Date: Tue, 18 Apr 89 07:39 MST
From: MCCLELLAND_G%CUBLDR@VAXF.COLORADO.EDU
Subject: Newspaper Cartoons and Computer Infallibility

From today's Hi & Lois newspaper cartoon strip:

  Clerk [to Hi]: I'm afraid we're out of stock on that item, sir.
  Hi: I found it on the rack. I just want to buy it.
  Clerk: Sorry, but we can't sell something the computer says we don't have...

   [More like Hi and Dry! PGN]

------------------------------

Date: Tue, 18 Apr 89 08:30:05 -0700
From: David A Honig
Subject: Re: Thoreau and Navigation

> It should be borne in mind, however, that Thoreau was speaking of the
> tables calculated by HUMAN calculators, not machines. ...

Agreed, the tables were computed by humans, but then, who writes software, who designs hardware? :-)

The general issue is: What are the risks involved in trusting one's artifacts, whether they are instruments, tables, computational theories, algorithms, machines, etc.?

------------------------------

Date: Tue, 11 Apr 89 20:11:17 EST
From: Walter_Roberson@carleton.ca
Subject: "Journalist Vigilantes"

An article by Gary Marx, in the local weekend paper, but apparently reprinted from The Christian Science Monitor, discusses the trend towards TV news shows using videos filmed by amateurs with video recorders. The article, entitled "\Bold{Cower!} You're on candid camcorder" in the local edition, mentions several points quite familiar to long-standing RISKS readers (eg, "It is possible to create images not found in reality and to mix real and imaginary images,"), but is of interest as one of the few newspaper articles that publicly concern themselves specifically with the risks to privacy that technology can easily bring about.

Some parts extracted from the article:

'Information technology in private hands can offer documentation and alternative views. [...]
Without appropriate policies, there is a danger of creating a group of journalistic vigilantes who will offer fraudulent or contrived news, invade privacy, and debase the quality of television news. [...]

Camcorders are at least visible, but tiny hand-held video cameras the size of a deck of cards can also be purchased along with cameras hidden in picture frames, mirrors, briefcases, and even books. Our lives may increasingly become episodes in someone's version of \it{Candid Camera}. [...]

Video cameras must be considered alongside other potentially invasive information technologies such as miniature voice-activated tape recorders, devices for remotely monitoring telephone and room conversations, computer dossiers, electronic location monitors, and drug testing. [...]

These new technologies are likely neither to be as harmless as advocates claim nor as dangerous as critics fear. Their impact will be determined not by anything inherent in the technology but by the choices we make. "

  -- The Ottawa Citizen, Sat. Apr. 8, 1989, pg B6

[The trailer notes that Gary Marx is the author of \it{Undercover: Police Surveillance in America}. ...]

Walter Roberson

------------------------------

Date: Wed, 12 Apr 89 11:51:50 PDT
From: Dana Myers
Subject: Hazards of RF near electronic controls

Dave Horsfall writes:

> (my 2m HT has) just 3 watts and a rubber ducky... very inefficient

Well, it may not be really efficient at getting your signal anywhere far, but a short antenna like that can have very high RF voltages present. I know my Kenwood TR-2600 (1 or 3 Watts between 144-148 MHz) would easily reset the telephone on my desk before we upgraded to a Rolm system, which appears to be resistant.

It isn't the power that upsets electronic devices - it usually is the voltage. There may be parts of an electronic control which resonate at high frequencies, and therefore build up large levels of voltage, enough to force a low logic level high, etc.
It is hard to foresee that in the design of a system which is intended to operate at much lower frequencies.

The Otis 401, though it did malfunction, also detected the malfunction before doing anything dangerous. This is a case where the designer could not prevent RF from upsetting the controls, but did build a mechanism to gracefully cope with the upset. Even if the control was encased in an RF-tight box (which would likely increase the cost significantly), the ability to cope with RF- or EMI-induced upset must be there. Since it isn't often that the control will be inundated with RF at close range, the design need really only cope with the infrequent case that upset occurs.

Dana H. Myers, WA6ZGB, Locus Computing Corp., Inglewood, CA

------------------------------

End of RISKS-FORUM Digest 8.59
************************