risks@sri-csl (09/13/85)
From: RISKS FORUM (Peter G. Neumann, Coordinator) <RISKS@SRI-CSLA.ARPA>
RISKS-FORUM Digest Friday the 13 Sep 1985 Volume 1 : Issue 12
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
Peter G. Neumann, moderator
Contents:
Wire-Transfer Risks; Risk of Non-application of Technology (Jerry Saltzer)
Date-Time stamps (and errors therein) (Ted M P Lee)
JMC's remarks (Joseph Weizenbaum)
Subjective Factors in Risk Assessment (Lynne C. Moore)
Moral vs. Technological Progress (Charlie Crummer)
[*** MODERATOR'S NOTE. SOME OF THE SDI-RELATED DISCUSSION MAY BE
DEGENERATING INTO A NONCONVERGENT ITERATIVE LOOP. LET'S TRY TO STICK A
LITTLE MORE TO COMPUTER-RELATED ISSUES, ALTHOUGH I RECOGNIZE THAT THE
TECHNICAL ISSUES MAY BE OVERWHELMED BY NONTECHNICAL ISSUES. BUT PLEASE DO
NOT INTERPRET THIS AS AN ATTEMPT TO SQUELCH MEANINGFUL DISCUSSION. PGN ***]
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA)
(FTP Vol 1 : Issue n from SRI-CSL:<RISKS>RISKS-1.n)
----------------------------------------------------------------------
Date: Fri, 13 Sep 85 10:51 EDT
From: Saltzer@MIT-MULTICS.ARPA
Subject: Wire-Transfer Risks; Risk of Non-application of Technology
To: RISKS FORUM <RISKS@SRI-CSL.ARPA> (Peter G. Neumann, Coordinator)
Re: Wire-Transfer Risks
1) The current (September, 1985) issue of IEEE Communications magazine
on page 23 suggests that it may be typical in the wholesale financial
business to carry transactions in thousands of dollars rather than in
(ones of) dollars. If so, you would think that the people responsible
for software in that business would check and recheck their specs and
the human engineering across those interfaces where dividing or
multiplying by 1000 is a possibility, wouldn't you?
2) The comment that current money prices lead to losses of about $350
per day for each mislaid million dollars seems to have been intended to
suggest that such mistakes are unacceptable. The people in the
wholesale money movement business draw an opposite conclusion: since
they can quantify their exposure so precisely, they can decide
rationally when the loss rate has become unacceptable and it is thus
worth paying someone to develop a more error-free system. (For the
price of a contract to SRI to develop a verified 1000-line program one
could probably afford to mislay IBM's entire revenue stream for a week.)
Re: Risk of Non-application of Technology
For another economically quantifiable example, the early reports on the
creation of the SABRE airline reservation system by American Airlines
explicitly mentioned a business decision, with two alternatives: invest
in two more Boeing 707's, or in developing SABRE. The first approach
provided more spare seat-mile capacity that could thus be managed with
less precision; the second offered the hope of better management of
available seat-mile capacity. Two other considerations that were
explicitly mentioned were the cost of customer disatisfaction when
reservations were dishonored (accidental overbooking, as contrasted with
intentional overbooking, was a rampant problem at the time) and the cost
to the company in lost revenue if the prospective computer were to go
down for several hours or if the entire contents of the disks were lost.
The decision to develop SABRE thus represents an example of up-front
assessment of the risk of non-application of technology, compared with
the risk of applying it.
------------------------------
Date: Fri, 13 Sep 85 12:15 EDT
From: TMPLee@MIT-MULTICS.ARPA
Subject: Date-Time stamps (and errors therein)
To: Risks@SRI-CSL.ARPA
It was an interesting coincidence that the latest Risks_Forum had a
piece related to the correctness of the time-stamp on messages. About
two days ago I logged on late (about half-past midnight, Central time)
and started going through my electronic in-basket. One of the messages
struck me: its header was time-stamped 03:56 EDT -- how could I
possibly be reading it two and a half-hours before it was sent? (yes,
the dates were right -- it wasn't from the previous night/early-AM.)
Eventually got a copy of the original from its author. The key to the
mystery is that Multics does a time-zone conversion on most (but not
all) time fields in incoming message headers. The original message's
time-zone was clearly marked as PDT, so multics dutifully added three
hours and gave me the time in EDT. When we (I and a multics guru) first
looked at just the multics version we speculated that perhaps multics
had taken the message's time-zone as GMT, which I think would have given
the same result. I also thought perhaps since the original was before
midnight and the result after, that might have been the cause. In the
process of writing this entry for the Risks forum I looked at the
original message one more time, and it struck me: for some reason the
ISI clock had been set to run on Eastern Time (00:56) but the ISI mailer
software (or something else there) thought it was keeping Pacific, hence
the PDT tag. What was further confusing was the fact that I looked at
several other messages from ISI from about the same period (two to four
days ago) and some came out right and some not. Sounds like a good
ingredient for a mystery story, at least.
------------------------------
Date: Fri 13 Sep 85 12:57:15-EDT
From: Joseph Weizenbaum <JOSEPH@MIT-XX.ARPA>
Subject: JMC's remarks
To: risks@SRI-CSL.ARPA
Contrary to John McCarthy's inference that I hold to the "general
proposition, 'Don't do it if there's a way around it'", I think that
proposition to be (even purely logically) absurd. The "way around it"
would be another "it" to which the rule would apply, and so on.
Another instance of John putting words in my mouth I didn't (and wouldn't)
utter is his "Joe Weizenbaum says that [SDI] attempts a technological
solution to a problem that should be solved morally". He makes it easy for
himself to score a point by pointing to the slowness of "moral progress"
and so on. I believe I wrote that SDI is a technological fix for a problem
that is primarily political, cultural, economic, and so on, and that it has
to be attacked in these contexts, that we must actually confront the
problem of how peoples who organize their societies differently from one
another can peacefully share the same globe. That is considerably
different from saying the problem should be "solved morally". The trouble
with technological fixes is often, and I think in this case, that they give
the impression the problem has been dealt with and that no further efforts
to deal with it are necessary. In the present instance the spread of such
an impression with respect to the peaceful coexistence of the Western and
the Eastern block nations could be fatal to the whole world.
------------------------------
Date: Fri, 13 Sep 85 13:48:04 CDT
From: moorel@EGLIN-VAX
Subject: Subjective Factors in Risk Assessment
To: RISKS@SRI-CSL.ARPA
There is a very interesting article about various types of risks and
the way that people perceive them in the October issue of _Science_85_. In
particular, it makes a couple of points that I feel are quite relevant to this
forum's discussions. First, that people respond to risks differently depending
on whether the risk is presented as a positive or a negative risk. "Because
losses loom larger than gains, we are more willing to gamble to avoid them."
Second, it points out that most people are less concerned and aware of the risksof things over which they feel that they have some control. "If we can't be
certain about the risks we face, we at least want to have some control over the
technologies and activities that produce them."
When we look for examples of the risks of using computer technology vs.
the risks of not using computer technology, we ought to keep these two ideas in
mind, and ask ourselves whether we are being truly objective about the risks
involved or are we letting other, subjective factors influence our judgement. I
recommend this article for your reading.
Lynne C. Moore (MOOREL AT EGLIN-VAX.ARPA)
------------------------------
Date: Fri, 13 Sep 85 10:56:21 PDT
From: Charlie Crummer <crummer@AEROSPACE.ARPA>
To: risks@sri-csl
Subject: Moral vs. Technological Progress
> From: McNelly.OsbuSouth@Xerox.ARPA
> In-Reply-to: NEUMANN%SRI-CSLA:ARPA's message of 13 Sep 85 01:19:23 PDT
> (Friday)
>>>Alas,
>>>moral progress has been so slow that almost the only moral problems to be
>>>even partially solved are those that can at least partially been turned into
>>>technological problems.
>>Not true, viz. cannibalism and slavery.
> Actually, it's my understanding that the demise of slavery was due to
> technological advances which made slavery economically unfeasible. The
> invention of the cotton gin, for example, made it only a matter of time
> here in the US before slavery died out. As far as cannibalism goes, I'd
> say that was more caused by Western culture steam-rolling over the
> cannibals.
> -- John --
Actually McCarthy's original comment presupposes that moral and technological
progress are comparable. It is that assumption that I disagree with. Ethics
and the attendant morality provide the context within which all activity, and
in particular technological progress, exists. Morality and technology are
not substitutes for one another and moral progress is not dependent on
technology nor vice versa. There is always technological progress attendant
to moral progress just because there is always technological progress.
--Charlie
------------------------------
End of RISKS-FORUM Digest
************************
-------