RISKS@CSL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (11/11/86)
RISKS-LIST: RISKS-FORUM Digest, Monday, 10 November 1986 Volume 4 : Issue 9
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Risk of aging (Lee F. Breisacher)
Re: UK computer security audit (Henry Spencer)
Lost files (Norman Yusol)
Canard!! [Looping Mailers] (Lindsay F. Marshall)
Friend-foe identification (Henry Spencer)
Micros in Car Engines (Jed Sutherland)
Information replacing knowledge (Bard Bloom, Herb Lin, Jerry Saltzer)
Spelling becoming obsolete? (Ted Lee)
They almost got me! [A motor-vehicle database saga] (Mark Hittinger)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)
----------------------------------------------------------------------
Date: 10 Nov 86 12:26:56 PST (Monday)
Subject: Risk of aging
From: Breisacher.OsbuSouth@Xerox.COM (Lee F. Breisacher)
To: RISKS@CSL.SRI.COM
From LA Times, Saturday, November 8, 1986:
G.C. Blodgett, a living legend as an outdoorsman in New England, drives a
car to his favorite fishing spots from his home in West Babylon, Mass., but
he almost quit this year when his insurance bill arrived. His son told the
Providence Journal: "He wanted to know why the premium was three times as
much as the previous year. So we called the insurance company, and after a
while, the fellow there came back laughing and explained that their computer
calculated premiums for drivers up to 100 years old. After that, it started
at the beginning again, so he was being charged the premium of a teen-ager."
Blodgett is 101.
------------------------------
From: hplabs!pyramid!utzoo!henry@ucbvax.Berkeley.EDU
Date: Sun, 9 Nov 86 08:40:40 pst
To: pyramid!CSL.SRI.COM!RISKS
Subject: Re: UK computer security audit
> The Guardian article paints a bleak picture of just how ill-prepared for
> disaster the 50 or so companies visited are. 80% are not adequately
> protected against fire, 96% are not protected against flood, (the two
> exceptions had only installed detectors after sustaining water damage
> previously), 70% don't have a stand-by power supply, ...
It is worth noting that even the companies which theoretically *are*
prepared may find their preparations wasted in practice. The first NYC
blackout caught a number of hospitals with, so to speak, their pants down.
Things like emergency generators with electric starters! Another example
that I remember was a place that had a fine emergency generator, started
up properly and actually ran for a while. Trouble was, it was in the
basement, which was below the local water table and was kept dry by pumps
running continuously. You guessed it, the pumps weren't on the emergency
power. The only people who had reliable power throughout the blackout
were the professional paranoids: the military and the phone company.
It might be worth finding out whether there was any attempt to compile a
list of such experiences from that blackout. I heard about this by chance.
(The electrically-started-generator problem was larger than it looked.
Modern power plants need startup power for things like pumps and control
systems. No need for emergency generators, you can always get startup
power from the network. But what do you do when the *whole* network is
down? A combination of luck and improvisation sufficed that time.)
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry
------------------------------
Date: Sun, 9 Nov 86 18:57 EST
From: <CS117341%YUSOL.BITNET@WISCVM.WISC.EDU>
Subject: Lost files
To: risks-request@sri-csl.arpa
[After a request to resend missing copies of RISKS-3.92, 4.1 and 4.2]
I believe these files were lost on the net on 3 Nov. Apparently, one of
the computers on Bitnet had a severe hardware crash and lost about 1500
files... Unfortunately, I don't have any more info on this. Norman
[This happens far too often. I presume we need some research on
really reliable, "guaranteed-service" protocols. On the other hand,
the computational cost associated with such algorithms may be far too
high for just sending net mail, and besides there is no such beast that
will work correctly under all possible circumstances. PGN]
------------------------------
From: "Lindsay F. Marshall" <lindsay%cheviot.newcastle.ac.uk@Cs.Ucl.AC.UK>
Date: Mon, 10 Nov 86 09:40:12 gmt
To: risks@csl.sri.com
Subject: Canard!! [Looping Mailers]
Let me hasten to assure the RISKS list that the 20 messages reported by
PGN were not generated by our mailer at Newcastle as far as we can tell.
I think that the problem was much further down the line. Lindsay
[I thought about changing the SUBJECT line of this message to make it
more explicit, but then I would be guilty of being a Canard Liner.
However, since the implication of "canard" ("a fabricated story") is
meaningful, I did not want to duck it. (An aquacktive nuisance.)
Can anyone else provide a report of this happening elsewhere at
the same time, on or around Friday, 7 Nov 86, 13:05:21 gmt? PGN]
------------------------------
From: hplabs!pyramid!utzoo!henry@ucbvax.Berkeley.EDU
Date: Sun, 9 Nov 86 08:41:08 pst
To: pyramid!CSL.SRI.COM!RISKS
Subject: Friend-foe identification
In the course of catching up on Flight International (the British analog to
Aviation Leak), I ran across an interesting item in the 7 June 1986 issue.
The UK Ministry of Defence officially admitted that a British helicopter,
shot down in the Falklands War with all four aboard killed, was downed by
a Sea Dart missile from a British destroyer. On 6 June 1982, HMS Cardiff
reported shooting down an Argentine helicopter flying in darkness toward
Port Stanley. It was actually a British Army Gazelle on a resupply flight
between Darwin and Mount Pleasant. The lack of Argentine wreckage and
the coincidence of timing were noticed, but a forensic investigation was
unable to establish a firm connection. Forensic tests in the last year or
so have pretty much settled the question. MoD apparently won't discuss
how the misidentification occurred.
(This sort of thing is far more common in combat than most people think. In
WW2 there was a standing joke about how antiaircraft gunners decided whether an
aircraft was friendly or hostile: approaching = hostile, receding = friendly.)
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry
------------------------------
Date: Mon, 10 Nov 86 09:32:27 pst
From: jed sutherland <jed%noah.arc.cdn%ubc.csnet@RELAY.CS.NET>
To: risks@CSL.SRI.COM
Subject: Micros in Car Engines
Considering the amount of duties undertaken by micros in today's
automobiles, I can only conclude that it is a case of "Because we can do
it". Sure, computer controlled fuel injection is very efficient and is a
good idea. But my brother just bought a new BMW with all sorts of standard
stuff on it. It will tell you the outside temperature, warn you when the
temp is low enough that the roads are likely to be icy, etc. The radio is
more complicated than the oil pressure, water temperature indications.
I am also amazed at the fact that one can buy a car with totally digital
instrumentation. What possible advantage can there be to all of this?
I noted a while back that when boosting the newer car, one runs the risk of
blowing any computer that may be on board due to power surges. These things
cost about $1000 to replace. Most mechanics nowadays are trained to identify
the faulty module and replace it without trying to find the bad component.
I think that the average driver loves all the pretty lights but doesn't
usually use all his instruments anyway. For one thing, most drivers seem to
be able to handle very little at one time and it is all they can do to keep
the car between the lines. They don't need more distractions provided by
today's auto-toys.
Jed Sutherland
------------------------------
Date: Sun, 9 Nov 86 17:41:55 est
From: Bard Bloom <bard@THEORY.LCS.MIT.EDU>
To: RISKS@CSL.SRI.COM
Subject: Information replacing knowledge
> As I see it, one of the greatest risks of widespread computing is that
> we'll all stop learning...
Most of the time, people learn things because someone (often the person
herself) thinks the things are useful. So, for instance, very few Americans
this decade know a whole lot about the care and tending of a horse or about the
growing seasons of various plants, despite the fact that these were vital facts
for much of the American population a century or two ago. Mathematics (e.g.,
things like algebra and basic set theory) have become a lot more popular.
As the environment changes, the set of things chosen as "essential knowledge"
changes. We may expect to see this continue, and a good thing too. I don't
*want* to know a lot about mucking out stables.
Some might argue that some things are good to learn in and of themselves.
I'd agree for some areas (e.g., the arts), and disagree for others (e.g.,
spelling).
> Are we reaching the point where being an expert simply means having a large
> computer database, as opposed to years of learning and knowledge?
I hope not. We might be reaching the point where being an expert means having
a large computer database as well as knowing the subject well. This is not
particularly different in character from having a large physical library in
one's area of expertise, which most experts do. Part of the point of expertise
it that one can do things that aren't in one's library or database.
> I don't think we're there yet, but I fear that our society's heavy
> emphasis on "information" and computing might be leading us there.
Possibly so. I've noticed a general feeling that computer answers are more to
be trusted than human ones.
Bard Bloom, MIT
------------------------------
Date: Sun, 9 Nov 1986 15:52 EST
From: LIN@XX.LCS.MIT.EDU
To: <DAN09697%NUACC.BITNET@WISCVM.WISC.EDU> (Daniel G. Rabe)
Cc: risks@CSL.SRI.COM
Subject: Information replacing knowledge
From: <DAN09697%NUACC.BITNET at WISCVM.WISC.EDU> (Daniel G. Rabe)
As I see it, one of the greatest risks of widespread computing is that
we'll all stop learning. We've got spelling checkers, so why bother
learning to spell?...
It's an old fear. It was said about Xeroxing -- and who has not had the
experience of copying an article in the hopes that its information would
seep from the file cabinet to the brain? It was said about books and
printing -- and who has not bought a book without the same experience. It
was apparently even said about writing -- and who has not wished that (s)he
could speak as well as (s)he could write?
That's not to say that all these fears are unjustified. But it is not
new with the advent of computers.
------------------------------
Date: Sun, 9 Nov 86 18:52:04 EST
To: RISKS FORUM (Peter G. Neumann -- Coordinator) <RISKS@CSL.SRI.COM>
Subject: Information replacing knowledge
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
> [...] some professional writers noticed that their sentences were
> becoming shorter [...], as they relied on a 40-column, 8-line display...
From what I have seen of the output of some professional writers, that is a
RISK that I am willing to tolerate, perhaps even encourage.
Jerry
[It even sounds like a fine idea for RISKS contributors. PGN]
------------------------------
Date: Mon, 10 Nov 86 00:11 EST
From: TMPLee@DOCKMASTER.ARPA
Subject: Spelling becoming obsolete?
To: Risks@CSL.SRI.COM
Yes, spelling checkers are allowing students to get by without learning to
spell -- *and the schools are endorsing that trend*! I have yet (slight
hyperbole here) to get over the words I heard three years ago from our
oldest son's seventh-grade English teacher (yes, "English"). It was during
the beginning-of-the-year parents' orientation meeting where we have the
opportunity to meet all the teachers and hear their plans for the year. I
can't remember the precise context any more, but I think we had asked some
kind of question about whether she took spelling into consideration in
grading compositions. The answer was roughly this: "Not very much -- after
all, all these kids will be using word processors in the future and won't
have to know how to spell." Fortunately this view was not shared by most of
the rest of the teachers. (The school district, by the way, and the
particular junior high itself, is among the top few percent in the country,
as judged by scores on the SAT and the various awards it has received.)
------------------------------
Date: Sun, 9 Nov 86 15:57 EDT
From: <SYSMSH%ULKYVX.BITNET@WISCVM.WISC.EDU>
Subject: They almost got me! [A motor-vehicle database saga]
To: risks@csl.sri.com
I scored big on some DEC call options recently. I used the proceeds to
purchase an expensive 87 turbo mazda RX-7. After driving it for a month I
realized my driver's license had been expired for a year. Kentucky sends you
a post card when it is time to renew. I simply assumed that mine got lost
somehow and went downtown to renew. They took my license and told me it was
suspended in February of 85! Arg! Since my license was suspended I did not
get a renewal notice.
The clerk was very helpful and gave me a phone number to call. I called the
number and the gentleman on the other end told me that because my license
was issued under an older system, it would be awhile before he could
retrieve my record and tell me why the suspension occurred. The State was
switching over to a social security number based system, and evidently the
old system existed only in hard copy form. He then said, "By the way, may I
have your social security number? Please call us back after lunch and we
should have some information for you."
I called back and found out that a speeding ticket obtained in February of
85 had pushed me to the limit of "points" and that the state had sent me a
notice to appear at court to plead my case. If I had shown up, the judge
would have given me "traffic school" and I would have kept my license. I
never received any notice. I didn't show up in court so they suspended my
license for 6 months in retaliation. I asked the clerk on the phone to tell
me where they sent the notice. He said "6103 glimmer way apartment 4".
After finding out what the procedure for getting my license back was I
thanked the clerk for his assistance.
(Plot thickens here) In 1981 I lived at 8103 glimmer way apartment 4. In
1982 I moved from there, and sent the state a letter informing them of my
change in address. I did not include my social security number. Since the
state was converting from an older system to the new SSN based system the
address change did not get made. Evidently, they just re-entered all the
data from the old system to the new system and mis-keyed my address. State
law states that my obligation was to inform them of a change in address.
So, bottom line, I was driving from March 85 to November 86 with a suspended
driver's license. I continued to pay auto insurance. I rented cars during
several business trips (I consult on the side). I get another(!) speeding
ticket on the interstate. The officer called in to "run" my license, but
since it was "old-system" they didn't give him the info that I was
suspended. I drove off, paid the fine, never heard anything. My car was
towed twice for being parked improperly, I paid the fines, showed my
license, got the car back twice.
Here is the real kicker. My insurance company states clearly that they are
not liable if I have an accident without a valid driver's license. The loan
on the unfunded portion of my sleek black RX-7 states that if I don't
maintain insurance I can be sued for the loan. What if....I had gotten in
my RX-7 and wiped out some people and the car? I'd have been found to be in
violation of the law, been denied insurance coverage, lost the funds I put
in to the car, and still been liable for the remaining portion of the loan I
took out!!!!
Well I have my license back now, smiling in my RX-7 (insured). I feel VERY
lucky that nothing happened to me. The total cost for me to get out of this
one was $38! It makes me wonder if there others are in the same boat (massive
personal liability indirectly induced by a change from one computer record
system to another). I just fell through the cracks and didn't even know it.
Mark Hittinger/systems programmer iv/ocis south center
University of Louisville, Louisville, Ky 40292
sysmsh%ulkyvx.bitnet@wiscvm.wisc.edu
------------------------------
End of RISKS-FORUM Digest
************************
-------