RISKS-LIST: RISKS-FORUM Digest  Thursday 29 June 1989  Volume 8 : Issue 87

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  ``Student plan marred by computer mistake'' (Matthew Wall)
  Immigration Chief Proposes National Computer Screen (Christopher T. Jewell)
  Big Brother is Hallucinating (Elizabeth D Zwicky)
  Study finds ``pedal misapplication'' to blame for Audi surges (Jon Jacky)
  Computer Crime and Social Risks (Pete McVay)
  Reducing risks of cost overruns/project failures (Pete Lucas)
  Re: New Yorker Article on radiation risks (David Chase)
  Computerized Translations (Will Martin)

----------------------------------------------------------------------

Date: Fri, 23 Jun 89 09:45 EDT
From: Matthew Wall
Subject: ``Student plan marred by computer mistake''

The complete text of an article in the Boston Globe, 6/23/89. pp. 13,83 (reproduced without permission)

Student plan marred by computer mistake
by Diego Ribadeneira, Globe Staff

In a major glitch in the new Boston school student assignment plan, a computer tape containing the names of nearly 900 students entering kindergarten this fall was lost, leaving parents unsure if their children will be able to attend their preferred schools.

The snafu, discovered earlier this week, also hurts the credibility of the plan, which some critics had said was being implemented too rapidly.

Some students who have already received their assignments for next year may not have gotten their top choices had the tape with the 900 applicants been properly processed, school officials said.

Superintendent Laval S. Wilson said the department has not yet determined how it will remedy the problem. He said it may conduct the assignment process for kindergarten students all over again.
The error occurred, according to school officials, because the lost tape had been used to test the accuracy of a program developed to assign schools to students under the new plan. The tape was not returned to be used in the computer run to assign students to schools.

``Inadvertently this tape was not merged with the other tapes...,'' said Catherine Ellison, senior officer for implementation for the Boston School Department.

The lost tape contained the names of 887 children, the majority of whom will be entering kindergarten. Since the mistake was discovered, school officials have manually been able to match 344 of the children on the misplaced tape with one of their school choices.

Under the plan, called controlled choice, the city is divided into three geographic zones. Parents were asked to list five choices for schools within their zone. The plan will begin this fall for students entering kindergarten, first grade and sixth grade. All remaining grades would fall under the new plan in the fall of 1990.

School officials had advised parents affected by the new plan to submit their applications by May 18, the first deadline for choosing a school, to have a better chance of getting their top choices.

The officials acknowledged yesterday that the remaining 543 students on the misplaced tape may not get one of their preferred schools, partly as a result of the mistake.

``We will be looking at the remaining applicants to determine how well we can honor the requests,'' Ellison said. ``We will do as much as we can with the best interests of the parents in mind. I won't sit here and promise something I cannot deliver. We hope to attempt to honor one of the parents' choices.''

Kathy Satut listed the New Agassiz School in Jamaica Plain as her first choice.

``I called up Wednesday and that's when they told me they had lost the tape.'' Satut said. ``I couldn't believe they had done that. Now I don't know what's going to happen. Am I going to be penalized for their mistake?
What was the point of trying to get the application in on time. I think they should all be fired. I'm very, very upset.''

School officials said they are trying to insure that the percentage of students from the misplaced tape who get their first choice will be about the same as that for the students assigned schools from the first computer run. They said they hope to complete assignments for kindergarten students by the weekend.

News of the error angered some school observers who said it comes at a time when various reforms are being undertaken in an effort to lure new students to the system.

``It's pretty outrageous,'' said Paula Georges, executive director of the Citywide Education Coalition. ``It undermines the credibility of the plan.''

[End of Text]

[The most obvious implication of this incident is the importance of having a backup. And why oh why weren't they using a *copy* of the data to do their testing?!? The article merely hints at some intriguing characteristics of the Boston Schools' DP department.

What disturbs me about this is that the plan is an important step in the troubled recent history of the Boston schools towards equitable access to various resources within the schools, by allowing parents to make an informed choice for their child as to which school to attend. This ``snafu'' has created the perception of arbitrary school assignments. Further, I suspect the complicated nature of giving the maximum number of students one of five top choices involves so many permutations that computer processing is essential to proceeding with the plan; as the article reveals, the ``credibility'' of both the plan, and most likely the role of computer processing, has now been called into serious doubt.]

------------------------------

Date: Fri, 23-Jun-89 15:14:14 PDT
From: chrisj@cup.portal.com
Subject: Immigration Chief Proposes National Computer Screen

Friday June 23 N Y Times, p.
A10: By Roberto Suro, special to the NYT

LA JOLLA, CA, June 22 -- The Commissioner of Immigration and Naturalization, Alan C. Nelson, today proposed a nationwide computer system to verify the identities of all job applicants in order to halt the widespread use of fraudulent documents by illegal aliens seeking jobs.

Mr Nelson also suggested standardized identity cards for immigrants so as to get fuller compliance with a 1986 law prohibiting employment of illegal aliens.

Creating a national identity card and other ways of checking legal status or identity have been repeatedly suggested in Congress as tools in fighting unlawful immigration, but have also been consistently rejected as potential infringements on civil liberties.

[15 column-inches deleted]

The national computerized database on everybody is one bad idea that simply refuses to stay dead, no matter how many times we drive a stake through its heart---if the INS ("Search warrants? We don't need no stinking search warrants!") didn't resurrect it, the drug czar or the FBI would. "Eternal vigilance ...". On the other hand, it appears to me that most informed citizens by now understand the risks involved: computer professionals no longer have to fight this battle alone.

The identity-card stuff I suppose belongs in talk.politics.misc: I won't go into it here.

Chris                    chrisj@cup.portal.com  sun!cup.portal.com!chrisj
(Christopher T. Jewell)  chrisj@netcom.uucp     apple!netcom!chrisj

------------------------------

Date: Thu, 22 Jun 89 10:49:32 EDT
From: Elizabeth D Zwicky
Subject: Big Brother is Hallucinating

I've seen a fair number of articles in the press lately warning people about how sophisticated advertisers are getting in keeping databases and targeting particular groups. I wonder if any of their authors has been getting the targeted junk mail I have.
Oh sure, I get junk mail targeted towards Mazda owners, because I bought one recently - but I get equally large amounts of junk mail for Camry owners, that being the car I sold when I bought the Mazda. Some of my junk mail is targeted to childless single mid-twenties women; then again, the same week brought me mail that confidently announced that the coupons inside were specifically targeted towards "growing families like mine, with young children" and mail that confidently announced that I had now reached "an interesting age" (from context, they meant I was over 40) and my children were all grown! Not to mention the advertisements that begin "Men like you..."

I understand why they think I own a Toyota; I have a vague concept that my growing family was a guess based on the date of my marriage certificate, which definitely made its way into databases. I am at a loss to explain how anybody became certain that I was over 40, or that I was male. I also wonder why (and how) people manage to keep such careful track of car purchases but not sales, marriage but not divorce... My mother, who has been dead nearly 5 years, has reached retirement age in the databases that are preserving her memory for the advertisers of America.

All in all, I don't think I'll worry about Big Brother watching me in order to sell things to me.

Elizabeth Zwicky

------------------------------

Date: 23 Jun 1989 11:44:31 EST
From: JON.JACKY@GAFFER.RAD.WASHINGTON.EDU
Subject: Study finds ``pedal misapplication'' to blame for Audi surges

Here are excerpts from IEEE INSTITUTE, July 1989, p. 8:

``Study finds `pedal misapplication' to blame for Audi surges''
by Karen Fitzgerald

The Audi 5000 has largely been vindicated in claims over the last four years of sudden, out-of-control acceleration, but a U.S.
National Highway Traffic Safety Administration (NHTSA) study released in March also cautioned that pedal design and minor engine acceleration may have caused drivers to apply their foot to the accelerator instead of the brake. ...

The study, ``An Examination of Sudden Acceleration,'' explored ... electromagnetic and radio frequency interference and malfunctions in cruise control, electronic idle-speed control systems, computer-controlled fuel injection systems, transmissions, and brakes. The investigators could find no mechanism --- besides actuation of the gas pedal --- that would open the throttle sufficiently to accelerate any of the cars studied at full power.

However, there was evidence of minor surges of about three-tenths of the Earth's gravity for 2 seconds caused by electronic faults in the idle stabilizer systems of the Audi 5000 ... the surge could startle a driver enough to accidentally push the accelerator instead of the brake, the study found ... Moreover, the travel of the pedals and their height off the floor make it possible for engine torque to overtake brake torque when the pedals are applied simultaneously ... [ more about this, including a graph indicating unusually problematic placement of pedals in the Audi ].

The NHTSA took pains to call the problem ``pedal misapplication'' rather than ``driver error,'' as Audi first characterized the problem. ... ``Driver error may imply carelessness or wilfulness in failing to operate a car properly,'' said an NHTSA press release announcing the study.
``...(sudden acceleration) could happen to even the most attentive driver who inadvertently selects the wrong pedal and continues to do so unwittingly.''

- Jon Jacky, University of Washington

------------------------------

Date: Thu, 29 Jun 89 05:42:19 PDT
From: pmcvay%comcad.DEC@src.dec.com (Pete McVay, TAY2-2/F14, 227-3598)
Subject: Computer Crime and Social Risks

Social Comment: Are computer criminals, and is computer crime, treated differently than other crimes?

RISKS DIGEST 8.85 (28 June) carried two separate stories on hackers, their motives, and the results of their "activities". In one case, a teenager managed to crack the code of an Air Force satellite and was able to read confidential information of at least 200 companies: "He hoped to use his know-how to persuade the companies to hire him as a computer security consultant, police said." The second article reported that "Firms in the City of London are buying the silence of hackers who break into their computers and steal millions of pounds."

I have personal knowledge of similar incidents of both types:

o One hacker, very notorious to telecommunications security people, was finally apprehended, and some of the on-line evidence in his personal accounts showed that he had planned to use his cracking expertise to get a job in the computer industry.

o I have never heard of any payoffs, such as are reported in the second article--but it is well known among security and legal consultants that companies will often drop a hacker case because of fear of publicity. In fact, some of the security experts have been "turned to the dark side of hacking": frustrated by their own company's refusal to crack down on lawbreaking, they have become phone phreaks and crackers themselves.

There is a persistent piece of folklore that criminals in nonviolent crimes are often hired as consultants by the industries or governments they victimized.
I can't remember the source exactly--but I remember a report a few years back from some U.S. Government enforcement agency that such things are very rare; in fact, the incidents of such hiring are all well documented as special cases. But in computer crime it appears to be a norm that criminal activity will go unpunished, and might even be rewarded.

If the social controls aren't in step with legal controls, then the best laws and enforcement systems are worthless. Companies and governments publicly decry cracking of all types: they often state that the public should be educated that breaking into telecommunications circuits (computers or otherwise) is a crime. Yet these same companies/agencies refuse to enforce existing laws--and some crackers have been hired as consultants or paid off.

I don't pretend to have a good answer to this problem. Perhaps the "social" definition of computer crime needs to be changed; maybe we're dealing with a new and different kind of social behavior and the rules must be examined. Personally I favor more enforcement of existing laws, perhaps backed up with a new law that would not allow companies/agencies to drop charges once an arrest was made (a frequent occurrence). However, something needs to be done: as long as this social/legal dichotomy exists, no progress (or protection) exists for the socially responsible hacker and computer user.

------------------------------

Date: Wed, 21 Jun 89 16:02:32 BST
From: "Pete Lucas, NERC Swindon UK."
Subject: Reducing risks of cost overruns/project failures

Much of recent discussions have been relating to products which have no guarantee of working (missile systems). From a purely technical point of view this reflects badly on the procurement process. Would you buy a dishwasher/TV/microwave/automobile/aircraft if you couldn't see a working model (and what's more, try it for yourself) first? Wouldn't you expect it to come with a warranty against faulty design or workmanship?
Surely when DoD pays billions of dollars for a weapons system, the taxpayer is entitled to expect that the supplier will provide a meaningful warranty, and that any failures will be pursued in a rigorous and thorough manner (i.e. through the courts).

There appear, to my way of thinking, two areas of conflict:

1) In a large project, involving many thousands of man-years effort, it is (almost) impossible to, at some point, admit that there's been a mistake made previously - this leads to embarrassment and red faces all round. Hence, previous mistakes, misunderstandings etc. get fossilised into the system at an early stage and are never undone. There is no easy way of avoiding these sorts of problems when the coverup may only come to light when the article/project is completed (by which time it's too late to do anything about it as the money has all been spent.....)

2) It is difficult to test all the way through the development cycle - with many projects you don't know if it's all going to work together until someone turns both keys at the same time........ If nothing happens at that point, it's too late to consult your lawyer. Modularisation, structured methods etc. can go some way towards making sure that the obvious incompatibilities are avoided, but there's no substitute for live testing in a real-world situation.

Solutions - well I am a confirmed minimalist when it comes to these areas, 'Keep-it-simple-Stupid' (KISS) technology can avoid a number of possible failure modes (and save money too - why buy one very sophisticated system when you can have more less complex (and hence probably more reliable!) ones?) The `if it isn't there it won't go wrong' argument against complexity is a powerful one - minimising component count by eliminating unnecessarily complex functionality means that the thing will be more likely to work when you need it to.
It also keeps the human-count down (and as we all know, people are the most error-prone and irrational parts of any system!). Remember that the number of failure modes increases dramatically with the number of points of failure.

If a large company intended to sell me some device, I would insist on a test-drive, on MY chosen patch (so the supplier couldn't present his device under the most satisfactory conditions) and if the supplier couldn't deliver, then he sure wouldn't get the cash! It's amazing how withholding payment will concentrate the minds of people. `Cost-plus' contracts are a mistake too, as you don't know what the final cost will be. The classic example here is the British 'Nimrod' project - a plan to produce a radar-plane functionally equivalent to AWACS - after ten years and nearly a billion pounds of funding, it was scrapped (and AWACS bought...). If I had been the UK government, someone somewhere wouldn't be in business any more....

After all, we all pay TAXES (don't we?) and so it's OUR money and I think we should EXPECT things to WORK when the time comes..!!!

Pete Lucas

[This contribution covers ground that will be familiar to many RISKS readers, and is somewhat OVERsimplified, but nevertheless makes some good points. PGN]

------------------------------

Date: Tue, 27 Jun 89 13:37:01 -0700
From: chase@orc.olivetti.com
Subject: Re: New Yorker Article on radiation risks (RISKS 8.82)

The third part in the series is on radiation and alleged health problems associated with VDTs. It is worth reading -- it was sufficiently detailed to give a former "they should have accounted for job stress" skeptic (me) reason to wonder.
Several points taken from the series (as recalled and interpreted by me):

1) consider *magnetic* fields, not just *electrical* fields (easier to shield against electrical fields)

2) The strength and range of magnetic fields depends on geometry and current -- the low-voltage distribution lines in your back yard may emit just as strong a magnetic field as the high voltage lines through some farmer's fields. Though magnetic fields fall off rapidly with distance, fields from large "coils" extend farther than fields from small "coils" (that is, household appliances are much smaller than power distribution systems, and thus their magnetic fields are of different shape and size).

3) consider not just VDT operators, but also people sitting around the VDT operators (there's the horizontal deflection coil which emits a 10s of KHz sawtooth, and the vertical deflection which emits a 50-100 Hz sawtooth. The strong portions of those fields may not extend directly to the front of the VDT).

4) be careful, in general, when people quote "average" figures at you; the repetitive peak power is also an important figure. The frequency spectrum is also interesting -- harmonic effects have been observed.

5) There have been studies (on magnetic fields in general). Effects have been observed, both statistically (leukemia stats) and experimentally (abnormal development of fetal chickens and mice). The mechanism, if any, is unknown. *Interactions with the ambient (i.e., earth's) magnetic field have been observed* -- this affects repeatability of experiments if not controlled for.

David

------------------------------

Date: Thu, 22 Jun 89 15:54:04 CDT
From: Will Martin
Subject: Computerized Translations

Thanks to Bhota San for the posting on the Canadian computer-translation item. This reminded me of something I had just seen in a recent paper, and which struck me as odd at the time.
However, since I didn't know what the current state-of-the-art was in computerized translation, I didn't realize at the time that this precis of a US Army Request for Proposal represented some really pie-in-the-sky hopes for a fantastic level of AI in automated translation!

Here is the item, from the "CBD Watch" column [CBD = Commerce Business Daily] on page 24 in the June 5, 1989 issue of Federal Computer Week:

  Army. Software for language translation. Software must be capable of translating from English to German, Spanish, French, Italian, Japanese, Korean, Chinese and Portuguese. It must provide idiomatic, verbatim translation of such documents as military specs, international legal agreements, correspondence, reports, studies and military briefings on doctrine, combat developments, training and materials. It must be MS-DOS compatible and capable of translating military terms and syntax. Contact Barbara Smith, TRADOC Contracting Activity, Building 1748, Fort Eustis, VA 23604-5538, (804) 878-4053.

***End of item***

Hmmm... So these people expect this to run on a PC, too... (note the "MS-DOS" reference...) "TRADOC" is the Training and Doctrine Command, by the way. I can see why they would want to be able to translate stuff for the training of allied personnel. However, based on the info in the previous posting, it sure seems unlikely they are going to get what they want!

Also, the RISKS implications of this are rather stupendous. To expect software to translate both military jargon, circumlocution, and tortured governmentese prose, and at the same time handle the diplomatic nuances of "international legal agreements" is a bit much, I think... Most multi-lingual humans would have difficulty doing that.

Will Martin

------------------------------

End of RISKS-FORUM Digest 8.87
************************