RISKS-LIST: RISKS-FORUM Digest  Saturday 17 June 1989  Volume 8 : Issue 81

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Re: Disarmament by defect (Gary Chapman)
  Medical history-on-a-card? (Ellen Keyne Seebacher)
  No backups -- TOWER of Babel (Sam Cramer)
  'Blip' Blows Computers Back to Paper Age (Mark Osbourne)
  Re: Computer electrocutes chess player who beat it! (O. Crepin-Leblond)
  Re: Hartford Coliseum (Richard S. D'Ippolito)

----------------------------------------------------------------------

Date: Fri, 16 Jun 89 13:49:57 PDT
From: chapman@csli.Stanford.EDU (Gary Chapman)
Subject: Re: Disarmament by defect

The plot of the latest John LeCarre novel, *Russia House*, involves a Soviet physicist who goes by the code name Goethe, who, in the story, was for many years in charge of the Soviet ICBM testing program, and created the telemetry encryption schemes that the Americans had been trying to break for many years (telemetry encryption is a serious dispute between the U.S. and the Soviets in real life). Goethe has an attack of conscience, and decides to reveal to the West that Soviet ICBMs are virtually duds--if they get out of their silos at all, they're just as likely to hit Minsk as Chicago. All of contemporary U.S. strategic theory, and strategic spending (hardened silos, SDI, launch-on-warning, etc.), is of course based on the assumption that Soviet missiles can fly right down the silos of Minuteman IIIs and MXs over here.

The interesting part of this story is the effect that Goethe's information has on U.S. authorities. The defense contractors go ballistic, if you'll pardon the pun. Their whole raison d'etre is based on continuing technological refinement to counter a Soviet threat that is suddenly no longer there. The "Bluebird" documents (Goethe's notebooks) also call into question the whole multi-billion dollar apparatus of U.S.
surveillance and intelligence analysis in the strategic arena--satellites, listening posts, KC-135s, trawlers, etc., not to mention brigades of experts. And the implication is that the U.S. arsenal is really no better, that we've all been living with the colossal implications of two enormous nuclear arsenals, and in actual fact neither one really works at all.

The result of this revelation from Goethe is largely just an escalation of the current stalemate between doves and hawks. The hawks claim Goethe's information is sophisticated disinformation, and if the information is deliberate disinformation then the claims of Soviet incompetence *must* mean that the missiles are actually even *more* accurate than we suspect. The doves claim that the information is accurate, and that there is no rationale for extravagant weapons systems that are supposed to protect us from a threat that has always been a hoax. This debate produces paralysis.

It would seem to me that technologists and scientists, contemplating the awesome significance of the integrated nuclear system that we live with every day, would want to know, objectively, whether the damn thing will work when it is called upon. Once this fact had been established one way or another, it would be immensely easier to grasp what sort of problems we face that can be bracketed out from the technological uncertainty that saturates the whole nuclear system. But, since a "test" of nuclear war is impossible--or at least so wildly crazy that no sane person would propose it seriously--we have an enormous, fundamental precedent for building other technological systems that have great risk, that cannot be tested, that are inseparable from political persuasions and irrational faiths, and which incrementally add momentum and depth to this process of scientific and technological corruption.

Goethe suggests that when his scientific notebooks are published, they be titled "The Biggest Lie Ever," or something like that.
But even Le Carre doesn't seem to realize how big the lie really may be--it may no longer be confined to nuclear weapons, but in fact may be endemic in a whole host of technologies that have been generated within the same, now one-dimensional epistemology of modern engineering--"we hope it will work; if it doesn't, get back to us."

-- Gary Chapman, Computer Professionals for Social Responsibility

------------------------------

Date: Fri, 16 Jun 89 16:02:38 CDT
From: "Ellen Keyne Seebacher"
Subject: medical history-on-a-card?

The following item appeared in SELF magazine (aimed at younger working women) a couple of months ago, and I've heard nothing about it since:

   "Credit-card-size medical records are being used in several pilot programs in the U.S., and the British government is thinking about issuing them to the entire population. The pocket-sized plastic "smartcard" has a thin computer chip that stores basic info. -- blood type, allergies, current health and prescriptions -- plus a summary of insurance coverage. Down the road: "optical memory cards" using laser technology similar to compact discs. These could store a person's entire medical history from birth to death, including diagnoses from every visit to a doctor. The card could even plug into a computer to produce the patient's X-rays on a TV screen."

The technology under discussion here was not entirely clear: a "thin computer chip" -- like that in a calculator? How would this be read/written to? (A friend has told me that when media ignorami use the words "computer chips", they could mean just about anything. In the context of "smart cards" they do in fact mean a tiny CPU and some memory, with electrical contacts on the card.)

I had initial visions of people carrying their medical records around next to their ATM cards, with the same results -- like scrambling due to magnetic wallet clasps.
The problems of storing an "entire medical history" on a card are even worse: lost cards, thefts, and invasion of privacy on a mass scale.

Is this a naive assessment of RISK? (I'm really interested in this. Would anyone with "smart card" experience care to comment?)

Ellen Keyne Seebacher, Academic and Public Computing, Univ. of Chicago

------------------------------

Date: Fri, 16 Jun 89 14:28:16 PDT
From: cramer@Sun.COM (Sam Cramer)
Subject: No backups -- TOWER of Babel

Another example of not keeping back-ups: I went into Tower Video about 6 weeks ago, selected a tape to rent, and presented the cashier with my Tower Video card. He told me that he'd have to issue me a new card number, as the old database had been wiped out in a crash. Tower is a chain; this loss of data was evidently company-wide.

I guess prospective Supreme Court justices should rent from Tower!

Sam

------------------------------

Date: Fri Jun 16 08:59:56 1989
From: osbourma@asd.wpafb.af.mil (Mark Osbourne)
Subject: 'Blip' Blows Computers Back to Paper Age

Dayton Daily News - Tuesday June 13, 1989 Page 3

Office workers, police dispatchers and bank customers got a little taste of what life would be like without computers Monday when systems across Montgomery County crashed all at once because of a little electrical "blip".

A power failure of less than a second caused lights merely to flicker, but was enough to trip circuit breakers in some buildings and zap scores of computer systems into temporary chaos.

The county's new 911 computer-aided police and fire dispatch system was affected, delaying response time on some calls.

"It took down the county's mainframe (computer)," said Sgt. Richard Elsner, 911 coordinator for the Montgomery County sheriff's office. "We had calls lined up in the computer waiting to be dispatched, and we just lost everything. Fortunately, we didn't have any emergency callers waiting."

Dayton Power and Light Co.
spokeswoman Ethel Washington said the utility was unsure what caused the power failure, which she called a "blip." She said that "with something that quick, we may never know."

The lights flickered in the sheriff's dispatch center in the basement of the Montgomery County Jail at 11:18 a.m., Elsner said. "The lights went off for less than a second - I thought somebody cut across the lines or something," he said. A second momentary pulse occurred about 11:30 a.m., he said.

The computer failure scrambled things for a few hours, but crews were dispatched as they were before the computer system was installed. "The radios are still working," Elsner said.

Washington said DP&L's computers in the West Dayton office, from which she was calling, also were down.

For reasons of security, many private users were mum about the power failure's effect on their computer systems. "It was nothing major," Society Bank spokeswoman Susan Byers said.

Nevertheless, customers at several banks were unable to make transactions at automatic teller machines until the mess was straightened out.

Tina Hamden, general manager of All World Travel, said airline reservation computers at the downtown office shut off automatically when the power went down. Office telephones went dead as well, leaving clients hanging.

The travel agency did not lose any computer data, but a local computer expert said that is a risk for most computer users. If a computer user is accessing data using a disk drive, hard disk or other storage device during a power failure, that data may be lost during the transfer from the storage device to the computer's internal memory.

"It goes to that nebulous void for computer data," said Robert Stamper, president of Databank Information Services Inc., a Dayton company that provides emergency services for computer users. "If you don't have a backup, you have to re-enter that data - it has to be keyboarded back in all over again, and on a big computer, that can cost an absolute fortune."
Stamper said his staffers were kept busy Monday afternoon delivering backup copies of computer tapes to clients who lost data during the power failure.

"They're calling us saying, 'Bring the tapes back out,'" Stamper said. "They either need a section of their computer records or need to reconstruct their lost data. If that was a blip, that was a hell of a blip."

His customers, which include several large area companies, were also reluctant to discuss problems that arose with their mainframe computers. "They don't want people to know how vulnerable their systems are," Stamper said.

------------------------------

Date: 16-JUN-1989 16:56:11 GMT
From: ZDEE699@elm.cc.kcl.ac.uk
Subject: Re: Computer electrocutes chess player who beat it!

In RISKS-8.75, Gene Spafford (spaf@cs.purdue.edu) writes about the Soviet computer which zapped his opponent when the opponent was about to beat him...

Some may say this is bogus... but it is in fact perfectly possible. According to the message, this is no normal computer. It is dedicated to playing chess and moves its pieces on the chess board. This is possible by magnetising the chess pieces, and moving them by induced electromagnetic fields in the board. The fields are induced by passing a current through loops and coils of wires which are embedded in the board.

This is all to tell you that it is possible for the machine in question to use high voltages. Alternating current is no use for producing the magnetic fields wanted, so I suspect they used DC... and DC currents are LETHAL. The muscles contract when the current flows so the heart of the player would stop immediately. So one only needs a short circuit to the case of the chess board (which I suspect was made of metal and not well earthed) and the friendly computer can become a murderer.

O. Crepin-Leblond, Computer Systems & Electronics, Electrical & Electronic Engineering, King's College London, UK.

Disclaimers: the usual disclaimers apply...

------------------------------

Date: Thu, 15 Jun 89 17:03:24 EDT
From: rsd@SEI.CMU.EDU
Subject: Re: Hartford Coliseum

   [Rich contributed an item which I ran in Software Engineering Notes four years ago. Here is a fuller explanation. PGN]

In the early morning hours of January 18, 1978, a very heavy load of snow and ice from a winter storm caused the collapse of the 2.4 acre roof of the Hartford Coliseum in Hartford, Connecticut. This roof was noted for being one of the first large-span roofs made possible by computer design and analysis, and was modeled as a space truss using a trusted program. Fortunately, the several thousand fans attending a basketball game a few hours before had gone home, and the structure was empty.

After long analysis of the collapsed roof, the initial failure was found to have occurred in a lateral brace used to stabilize a long, slender truss member. The immediate cause of failure was the inadequate design of the connection of the brace. The joint was modeled in the computer as having no eccentricity, an incorrect assumption. Eccentricity in a connection means (briefly) that the axis of the applied load is not the same as the neutral axis of the support, so that a bending moment is developed, putting additional stress in the member.

A nonlinear collapse simulation was rerun using the correct model for the joint, and with loading conditions selected to approximate those of the night of failure. The result was that the connection failed as it had under the real conditions [1].

Quite simply, the problem here was: The structure analyzed was not the structure built.

[1] Hartford Roof Failure -- Can we Blame the Computer? Epstein and Smith, Proceedings, Seventh Conference on Electrical Computation, 1979.

Rich

------------------------------

End of RISKS-FORUM Digest 8.81
************************