RISKS-LIST: RISKS-FORUM Digest  Thursday 27 April 1989  Volume 8 : Issue 65

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Northwest 255 -- Another Disconnected Alarm story? (Jerry Leichter)
  All addressed up with the wrong place to go (Jerry Leichter)
  Jukebox foolishness (Robert J. Reschly Jr.)
  Electronic Seat-Belts (Marc W. Mengel)
  Mitnick plea bargain rejected by judge as too lenient (Rodney Hoffman)
  Spider-Man's SSN and computer limitations (Brad Blumenthal)

----------------------------------------------------------------------

Date: Wed, 26 Apr 89 20:51 EDT
From: "Jerry Leichter (LEICHTER-JERRY@CS.YALE.EDU)"
Subject: Northwest 255 -- Another Disconnected Alarm story?

From the New Haven Register, 24 Apr 89. (Page 30)

Pilots in Northwest crash accused of disconnecting alarm on another flight
(Associated Press)

Detroit: There is evidence that the pilots involved in a deadly 1987 airliner crash, blamed in part on a warning system failure, intentionally disconnected a similar alarm on another jet two days earlier, the plane's maker says.

In a petition filed with the National Transportation Safety Board, Douglas Aircraft Co., a division of McDonnell Douglas Corp., said the pilots pulled a warning system circuit breaker on the first plane, interrupting power to the system and silencing an unwanted warning, The Detroit News reported Sunday.

The same pilots, John Maus and David Dodds, were in control of Northwest Flight 255, a McDonnell Douglas MD-80, when it crashed on takeoff at Detroit Metropolitan Airport on Aug. 16, 1987. The pilots died, along with 154 other people, including two people on the ground. The only survivor from the plane was a 4-year-old girl.

It was the second worst aircraft accident in U.S. history behind the 1979 crash of an American Airlines jet near Chicago that killed 275 people.
The NTSB concluded last May that the warning system on the MD-80 failed to alert the pilots that they hadn't set the wing flaps and slats, which provide added lift for takeoff. The board faulted the pilots for not setting the flaps and slats and failing to complete a routine pre-flight checklist. The board also said power to the warning system was interrupted, but couldn't determine why.

Douglas' petition, obtained by the newspaper, cited a note written by Northwest pilot Merrill Hodges in September 1987. Hodges said he found an alarm system circuit breaker pulled on another MD-80 jet flown by Maus and Dodds.

Flight records show Maus and Dodds landed that plane in Santa Ana, Calif., on Aug. 14, 1987, and the plane stayed on the ground until Hodges entered the cockpit the next day, Douglas' petition said.

"The unavoidable conclusion is that the absence of power to the takeoff warning system was the flight crew's intentional disablement of the takeoff warning," the petition said.

Northwest lawyer Carroll Dubuc said Douglas' petition doesn't raise anything new and promised to file a response that will rebut Douglas' claim.

The newspaper quoted an unidentified official of the Air Line Pilots Association as saying the claim is false. The official said the union is also preparing a response.

------------------------------

Date: Wed, 26 Apr 89 21:14 EDT
From: "Jerry Leichter (LEICHTER-JERRY@CS.YALE.EDU)"
Subject: All addressed up with the wrong place to go

[Background: Martindale and Hubbell is, and has been for many years, the standard directory of lawyers and law offices. It runs to many thick volumes, and is a required part of any law library.]

From "The American Lawyer", April 1989. (Page 19.)

If you want to serve process on New York's Weil, Gotshal & Manges, you could be handing papers to a dapper, red-liveried doorman at The Belmont, an exclusive residential building on Manhattan's East 46th Street.
Mail addressed to Whitman & Ransom could end up in the hands of one J. Pugh, the tenant in apartment 5A of The Vancortlandt, a tony upper Park Avenue building. And lawyers unfamiliar with Wall Street's Fried, Frank, Harris, Shriver & Jacobson could be reporting to a luxury apartment building on the Upper East Side.

Although the Belmont's doorman doesn't work for Weil, Gotshal, he says he has been receiving "all kinds of mail" for the firm. "Maybe a few lawyers live in this building," he adds, "but there is no law firm here."

It seems that Martindale-Hubbell, Inc., made a few mistakes in printing its 1989 New York law directory. Twelve New York firms - including Weil, Gotshal; Fried, Frank; Whitman & Ransom; Phillips, Nizer, Benjamin, Krim & Ballon; and Kelley Drye & Warren - are listed with incorrect, and seemingly random, Manhattan addresses.

"I'm not very happy with [Martindale]," says Weil, Gotshal partner Alan Weinschel. "This is the most god-awful negligence. Suppose somebody serves papers on us at [East 46th Street] and it takes an extra day to forward it to our office [at 767 Fifth Avenue]? What if we miss a deadline because somebody didn't make a change in the directory?"

Martindale cannot explain the erroneous addresses, except to blame "a computer glitch," according to Richard Pizzi, vice-president and corporate counsel to the legal publishing company. Pizzi says the company's computer was "turned down, and then back up" after the New York volume was already proofread. Martindale didn't discover the errors until after the volume was printed and mailed.

"We tried to address the issue head on," Pizzi says, noting that the company gave each affected firm a complete refund of the cost of printing attorneys' biographies in the volume. The publisher also arranged with the post office for mail to be forwarded to the proper addresses, and sent customers a two-page announcement of corrections.
Nonetheless one firm is sending a messenger four times a day to pick up Federal Express mail and other deliveries that might have found their way to the incorrect address.

Martindale's efforts haven't earned high marks from some lawyers at the affected firms. One angry partner says that when he insisted Martindale issue stick-on labels with the correct addresses, the company didn't respond. (Pizzi says the company is considering the suggestion.) Pizzi turned down requests from firms who wanted the book reprinted.

But other firms involved in the mix-up are not concerned. The Manhattan branch of Rochester's Nixon, Hargrave, Devans & Doyle, for example, is listed at two addresses - 30 Rockefeller Center, its true address, and 101 Park Avenue. "Our regular customers know where we are," says Edward Hughes, managing partner of the New York office. "We'll rely on everybody's good humor to get by."

---Karen Dillon

------------------------------

Date: Thu, 27 Apr 89 4:14:22 EDT
From: "Robert J. Reschly Jr."
Subject: Jukebox foolishness

Here is yet another example of microprocessor programming foolishness:

When several of us went to the local Pizza Slut for supper this evening, we were seated next to the jukebox. After noting that it looked pretty new we proceeded to forget about it until it went into "attract mode". If it remains unused, it will eventually play a seemingly randomly chosen song about once every 15 minutes.

This behavior, a relatively trivial extension of the attract mode common to video games, did not elicit much comment. It did however provoke more intense scrutiny of the jukebox. There were several 7-segment displays making up the front panel (the usual "current selection", "current play", and so forth), and one labeled "most popular selection".

Given that the group was composed of techie types, we proceeded to speculate on the usefulness of that display -- including the idea of feeding the play history to a clearinghouse ala Arbitron or Nielsen.
We also started wondering if the people who programmed the jukebox remembered to exclude the selections played during attract mode from the "most popular selection" calculations.

Answer: NO! When the jukebox played "143" in attract mode, the "most popular selection" display switched from "165" to "143".

*Sigh*

Bob

[I'm glad it wasn't a JOKEBOX. Nothing like hearing the same jokes over again, even if you tell 'em by the numbers. (Old metajoke) To go with "You didn't tell it very well." and "We never heard that one before.", how about these:
"Number 165? That's not funny anymore. The jokebox keeps playing it."
"Number 143? I couldn't understand that one. It was still encrypted." ) PGN]

------------------------------

From: mmengel@cuuxb.ATT.COM (Marc W. Mengel)
Subject: Electronic Seat-Belts
Date: 27 Apr 89 16:38:30 GMT

From Automotive Electronics News, Monday April 24 1989, p31

Makers Ready Smart Seat Belts for Mid-'90s Entry

DETROIT - Seat belts with electronic tension and slack controls should be commonplace on cars in the 1990s, according to manufacturers. ...

Research shows that the more comfortable belts are, the more likely people are to wear them. The problem is that belts are more comfortable when they exert less tension on the body, but they provide the most protection when they are snug. ...

Common mechanical belts in US cars today control slack with ratchets and pawls similar to window shade mechanisms. ...

Mechanical belts' major drawback is that sometimes too much slack is left in a belt when a person leans forward and then sits back in the seat. A survey in 1988 by the Insurance Institute for Highway Safety showed that more than one-third of the belted drivers of American cars have greater than the safe limit of 1 inch of slack in their restraint. This phenomenon contributed to more severe head and facial injuries. ...

Engineers at Bendix Safety Restraints Division of Allied Signal Corp. and TRW Vehicle Safety Systems Inc.
-- the two major seat belt suppliers said electronically controlled belts with electronic slack controls will provide maximum safety and maximum comfort. Both companies have developed prototype belts with electronic slack controls and have presented them to their Big Three customers for evaluation. ...

Once electronics are made part of a seat belt system, other features can be added easily, said Dr. Fleming [staff engineer in R&D at TRW] ...

Sensing brake pressure is important because a driver whose car is sliding on ice might brake, and an inertial sensor might not pick it up, said Dr. Fleming. With electronics "It doesn't cost you anything to lock those belts ... and drive the motor backwards to really tighten down the belt," he said. This would be accomplished by having an algorithm that signals the seat belt motor to temporarily run in reverse at double voltage during an emergency situation, Dr. Fleming said. ...

These smart systems might then lead to anticipatory systems that use radar as the sensor, ... Systems also can be created to adapt themselves to individual occupants' tastes for slack and tension.

[What about electrical systems failures leading to loss of control *and* loss of seat belt locking??? Marc Mengel]

[How about "brilliant belts" that sense when you are drunk, strap you in, and call the police? PGN]

------------------------------

Date: 26 Apr 89 08:13:46 PDT (Wednesday)
From: Rodney Hoffman
Subject: Mitnick plea bargain rejected by judge as too lenient

An article by Kim Murphy in the 25 April 1989 'Los Angeles Times' reports that U.S. District Judge Mariana Pfaelzer unexpectedly rejected the plea bargain of Kevin Mitnick, the hacker once called "as dangerous with a keyboard as a bank robber with a gun." Pfaelzer declared that Mitnick deserves more time behind bars.

As reported in RISKS 8.43, "Mitnick pleaded guilty to one count of computer fraud and one count of possessing unauthorized long-distance telephone codes....
Mitnick faces one year in prison. Under a plea agreement with the government, he must also submit to three years' supervision by probation officers after his release from prison."

Judge Pfaelzer said Monday, "Mr. Mitnick, you have been engaging in this conduct for too long, and no one has actually punished you. This is the last time you are going to do this." She said a confidential pre-sentence report recommended that she exceed even the 18-month maximum prison term called for under mandatory new federal sentencing guidelines. The judge's action voids Mitnick's guilty plea.

Both prosecuting and defense attorneys were surprised. Mitnick's attorney said he did not know whether his client would agree to a guilty plea carrying a longer prison term. This could make it harder to bring charges against Mitnick's alleged associates. If Mitnick is brought to trial, testimony from at least one of his associates would be required to convict him, and they would not appear as witnesses without receiving immunity from prosecution.

------------------------------

Date: Thu, 27 Apr 89 10:03:09 CDT
From: brad@cs.utexas.edu
Subject: Spider-Man's SSN and computer limitations

I guess we've probably beat this topic about to death, but comic strips do give some picture of popular beliefs about computers. The current story line in Spider-Man has Jolly Jonah attempting to discover the web-slinger's True Identity by hiring a team of psychologists to "feed information into a computer," which will then figure out the answer.

This is not the only time I've run across this sort of computer naivete. When I was just learning to program (in BASIC, lo these many years ago), a friend called me up with a scheme to win a local radio station contest.
I would take all the clues that the station had broadcast describing, and "feed" them into "the computer" (presumably into the BASIC interpreter :-), and he would figure out some way to get through to the radio station when the computer came up with the right answer.

The question for RISKS readers is double-edged. How did this impression of computers as all-knowing come about, and how should we, as professionals, describe computers so as to dispel these notions?

The answer to the first part of the question is fairly obvious. A friend pointed out to me the multitude of public sources of misconception -- from popular entertainment (Twilight Zone, 2001, Knight Rider), to sales campaigns and news reports based on press releases (users will be able to train themselves and solve world problems with computer X), to sensationalistic claims by well-known and highly visible computer scientists.

The other side of the question is much harder. I've often found myself trying to characterize the limitations of computers as they are applied to these situations (i.e. discovering an identity from a set of clues). It's an interesting juxtaposition to the awesome ability computers have for producing a set of clues from an identity (e.g. a SSN). Trying to explain the differences in cocktail-party English is difficult at best. As our data bases become larger the principle of garbage-in-garbage-out seems to be taken less seriously (ironically), and non-computerniks don't seem to interpret this to include nothing-in-nothing-out.

To reiterate, how should we present the limitations of computerized information handling in a clear, non-patronizing way, and how can we effectively counter those who imply the omniscience of "The Computer?" Do we need a "truth-in-advertising" code for computer capabilities; if so, what should it look like?
Brad Blumenthal, Computer Science Department, University of Texas, Austin TX
uucp: {uunet, harvard}!cs.utexas.edu!brad

------------------------------

End of RISKS-FORUM Digest 8.65
************************
-------