RISKS@CSL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (09/03/86)
RISKS-LIST: RISKS-FORUM Digest, Tuesday, 2 September 1986 Volume 3 : Issue 48

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Aeromexico Crash (UPI via PGN)
  Air Force puts secrets up for sale (Peter G. Neumann)
  Randi, Popoff, and Data Privacy Laws (Phil Karn via Geoff Goodfellow)
  Flight Simulators Have Faults (Gary Whisenhunt)
  On-Line with Taco Bell Telephone (John Mulhollen)
  Titanic photo expedition (Lindsay F. Marshall)
  New Zealand $1 million deposit (Dave Sherman)
  Examination Processing Error (Joe Stoy)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j. Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.)

----------------------------------------------------------------------

Date: Tue 2 Sep 86 09:59:20-PDT
From: Peter G. Neumann <Neumann@CSL.SRI.COM>
Subject: Aeromexico Crash
To: RISKS@CSL.SRI.COM

The New York Times news summary, Tuesday, 2 Sept 1986, had this item on the LA plane crash.

New York - The California plane collision Sunday occurred in a government-established restricted zone where the private plane that was destroyed in the collision with an Aeromexico DC-9 was not authorized to fly, the Federal Aviation Administration said. An FAA spokesman also said the controller guiding the DC-9 could not have radioed warnings to avert the collision because ''as far as we can determine'' no radar blip designating the small plane appeared on his scope. The controller did not know of the small plane's existence, the spokesman said.

A SF Chron report on the same day indicated that the controller in question was distracted by the pilot of another private plane, with whom he was having a two-minute interaction -- during which time the crash occurred.

PBS added several more pieces to the puzzle. The pilot of the private plane (a Piper Archer) apparently had had a heart attack just before the crash. The private plane did indeed appear on the controller's radar after all. However, it was not equipped with an altitude-measuring transponder, so the controller had no idea whether or not there was any danger.

The death toll is 64 on the jetliner, 3 on the Piper PA-28, and at least 18 on the ground.

------------------------------

Date: Tue 2 Sep 86 16:00:31-PDT
From: Peter G. Neumann <Neumann@CSL.SRI.COM>
Subject: Air Force puts secrets up for sale
To: RISKS@CSL.SRI.COM

Fred Ostapik went off to Ashland, Oregon, for some Shakespeare plays, and brought back this clipping from the local Ashland paper of 23 August 1986:

Audit: Air Force put secrets up for sale

Washington (UPI) -- A military audit, examining the latest lapse in Pentagon security, says the Air Force inadvertently allowed computer tapes containing ``sensitive, unclassified'' data to be auctioned off to the public. The Air Force Audit Agency found more than 1,200 magnetic tapes containing the data -- dealing with launch times, aircraft tests, and launch and aircraft vehicles -- available for public purchase at three key bases... Auditors said they found 1,980 analog tapes available for purchase, 64 percent of which had not been erased and contained sensitive unclassified data. Five of the seven installations checked had inadvertently made secret tapes available to the public.

------------------------------

Mail-From: GEOFF created at 2-Sep-86 12:16:02
From: Phil Karn <karn@ka9q.bellcore.COM>
Subject: Randi, Popoff, and Data Privacy Laws
Date: 31 Aug 86 02:29:11 GMT
Organization: Bell Communications Research, Inc
ReSent-To: RISKS@CSL.SRI.COM
Original-Subject: I wonder if the Congress considered this one

I picked up a copy of the magazine "Free Inquiry" at the bookstore today. The cover article was written by James Randi (the magician who debunks lots of ESP frauds). In fact, the magazine seems to be run by the same folks who do the Skeptical Inquirer, but is slanted more towards religious debunking.

Randi's article was titled "Peter Popoff Reaches Heaven via 39.17 Megahertz". Popoff is one of the most notorious TV faith healers. Randi's group went to the shows and noticed that Popoff wore a hearing aid. Then they got a scanner and quickly found the frequency his wife was using to tell him the names and ills of people whom she had pumped for information before the show.

Now ponder the fact that the proposed Communications Privacy Act now pending in the US Senate would have made this expose' illegal. The conversation was meant to be private, and Popoff certainly would have objected to its interception. Could there be a connection here? Hmm......

Phil

------------------------------

Date: Tue, 2 Sep 86 10:35:47 cdt
From: Gary Whisenhunt <gwhisen%ccvaxa@GSWD-VMS.ARPA>
To: RISKS@CSL.SRI.COM
Subject: Flight Simulators Have Faults

I developed flight simulators for over 7 years and could describe many such bizarre incidents. I seriously doubt that the sky went blank in the B-1 simulator when it was delivered to the government. Military simulators have formal acceptance tests that last for months. The last one that I worked on had a test procedure over 12 inches thick. To point out a failure during testing (or more likely development) seems meaningless. Failures that make it into the actual product are what should be of concern.

Most flight simulators procured by the Air Force and the Navy require Mil-Std 1644 or Mil-Std 1679 to be followed when developing software. These standards detail how software is to be developed and tested. The standards are fairly strict and exhaustive. This is to ensure product correctness even if it incurs greater costs. It would be an interesting study for a class in Software Engineering.

The greatest risk that I see from flight simulators (especially military) is that the simulator often lags behind the aircraft in functionality by a year or 2. Simulators require design data to be frozen at a certain date so that the simulator can be designed using consistent, tested data. After 2 years of development, the aircraft may have changed functionally (sometimes in subtle ways) from the simulator design. The effect is much more dramatic for newer aircraft than it is for more established ones. The simulator is upgraded, but during the upgrade period pilots train on a simulator that is mildly different from their aircraft.

As for the effectiveness of simulators, I've been told by more than one pilot that the simulator saved his life because he was able to practice malfunction conditions in the simulator that prepared him for a real emergency that occurred later.

Gary Whisenhunt
Gould Computer Systems Division
Urbana, Ill.

[I thought that by now these simulators were designed so that they could be driven by the same software that is used in the live aircraft -- a change in one place would be reflected by the same change in the other, although changing the application code without having to modify the simulator itself. Maybe not... PGN]

------------------------------

Date: Mon 1 Sep 86 22:32:00-PDT
From: John Mulhollen <JOHNM@USC-ECLC.ARPA>
Subject: On-Line with Taco Bell Telephone
To: Neumann@CSL.SRI.COM
ReSent-To: RISKS@CSL.SRI.COM

It seems that more and more fast food places are switching from the old-fashioned cash register to computerized ones that enable management to get reports on how many burgers we sold today between 10pm and 11pm, the average number of tacos per patron, or how many french fries were wasted. [Results are automatically telecommunicated back to headquarters. PGN] However, along with the capability for better-informed management, the capability for unbelievable confusion also increases.

Case in point -- our local Taco Bell has been "computerized" for almost 9 months now (equipment from Par Microsystems in NY) and patrons and employees alike have become accustomed to not getting receipts, and other quirks. Last week, the computer "locked up" (their term) just as I arrived. It was also just before the noon rush. The employees behind the counter did not know what to do. Do we take orders (on paper) and wait for the machine to come back up? Do we tell the customers to go away? It appears that with all this wonderful automation, the employees were incapable of 1) figuring out what to do; 2) taking orders without the computer; and 3) figuring out not only the total due for each patron, but the amount of change to return!!

When I was working my way through school, I did a brief stint at a local taco joint. We had an "old-fashioned" cash register (it didn't even compute the change -- how backward can you get!!) and we did just fine. When it didn't work, we just used a pad of paper (we knew all the prices and such).

Apparently one of the risks to society of the increasingly wide-spread use of computers is the possibility of losing the ability to think and reason.

JohnM

------------------------------

From: "Lindsay F. Marshall" <lindsay%cheviot.newcastle.ac.uk@Cs.Ucl.AC.UK>
Date: Mon, 1 Sep 86 09:10:44 gmt
To: risks@csl.sri.com
Subject: Titanic photo expedition

There was a program last night on ITV about the Woods Hole expedition to the Titanic. During the first dive, the program that was being used to help locate the ship "developed a mind of its own" and the people on the support ship had to guess headings for the sub to follow. Does anyone have information on this??

Lindsay

------------------------------

From: mnetor!lsuc!dave@seismo.CSS.GOV
Date: Tue, 2 Sep 86 14:22:27 edt
To: mnetor!seismo!CSL.SRI.COM!RISKS@seismo.CSS.GOV
Subject: New Zealand $1 million deposit (RISKS-3.41)

>Bank machine is no match for schoolboy with a lollipop
>
> AUCKLAND, New Zealand [UPI] -- A schoolboy outsmarted an automatic
>bank machine by using the cardboard from a lollipop packet to
>transfer $1 million New Zealand dollars into his account, bank
>spokesmen said Thursday.

As the article indicates, this wasn't caught because of delays in reconciling the physical deposits with the computer records (4 WEEKS? my bank does it in a day!).

I find it somewhat misleading and irritating that the media choose to make a big deal about the lollipop packet. Obviously, he could have fed in an empty envelope just as easily. But "outsmarted ... by using the cardboard from..."? I guess this is one of the RISKs of having reporters who feel they need to make their stories interesting.

Dave Sherman, The Law Society of Upper Canada, Toronto
{ ihnp4!utzoo seismo!mnetor utzoo hcr decvax!utcsri } !lsuc!dave

------------------------------

Date: Mon, 1 Sep 86 13:56:43 GMT
From: Joe Stoy <stoy%sevax.prg.oxford.ac.uk@Cs.Ucl.AC.UK>
To: risks <@Cs.Ucl.AC.UK:risks@csl.sri.com>
Subject: Examination Processing Error

EXAMINATION PROCESSING ERROR

The following is copied (without permission) from The Times (London).
(C) TIMES NEWSPAPERS LIMITED 1986.

[Glossary:
O level ("Ordinary level") - an exam. taken by children aged fifteen or so.
A level ("Advanced level") - an exam. taken two years after O level; a prerequisite for university entrance.
CSE ("Certificate of Secondary Education") - an exam. for children who are not up to O level standard.
GCSE ("General Certificate of Secondary Education") - a forthcoming amalgamation of O level and CSE, in preparation for which some boards are already setting papers common to both existing exams.]

[[American readers should note that Public School means Private School. PGN]]

[28 August 1986]

COMPUTER MARK STARTS O-LEVEL PANIC

By Lucy Hodges
Education Correspondent

Hundreds of pupils who took a new joint O level/CSE examination in chemistry received the wrong grade because of a computer error.

It meant that no candidate received more than a grade C, the pass mark at O level, sending many parents and their offspring into a panic.

Schools were telephoned to be asked if this meant that the pupils involved would be prevented from doing chemistry at A level next year. The schools queried the grades with the boards and the rogue computer program was discovered.

The examination boards involved are the three GCE boards, Cambridge, Oxford and Cambridge, Southern Universities Joint, and the two CSE boards, West and East Midlands.

These five boards are combining to form the Midlands Examining Group for the new GCSE exam. As part of their preparation they are running joint examinations in certain subjects and new computer programs have had to be set up.

"The boards have to collaborate and with new computer programs we cannot find out mistakes until something happens," Mr. John Reddaway, secretary of the Cambridge board, said.

A total of 12,000 students entered for the joint examination in chemistry, of which 3,800 were awarded a grade C by the computer. In fact 800 of these should have been a grade A and 1,000 a grade B, Mr. Reddaway said.

The error appears to have occurred at the offices of the West Midlands CSE board in Birmingham, which was administering this particular exam.

Mr. Reddaway said that the mistaken grades had all been rectified. "I hope schools and colleges will receive them tomorrow."

Whitgift School in Croydon, a boys' public school which normally gets very good results, was one of those involved. It was surprised to find that all its O-level pupils had been awarded a grade C.

"It was ridiculous in a school like this not to have any grades A or B," Miss Patricia Dawson-Taylor, the school secretary, said. "I told the board that we would be querying them."

Parents of Whitgift boys have been informed by the school that there has been an error and that some candidates may be upgraded.

[29 August 1986 -- excerpts from the follow-up report]

EXAMS RESULT IS CORRECTED

.... Because of what the Midlands Examining Group described as "a procedural, rather than a computer error", none of the 12,000 entrants ... was awarded more than a grade C ...

.... Mr John Reddaway, secretary of the Cambridge board, said that because of misunderstandings between the five boards, the "hurdle" mark that distinguishes an A or B grade was not programmed into the computer. ...

[1 September 1986 - Letters to the Editor]

O-LEVEL ERRORS

From Mr P.D.R. Talbot Willcox

Sir, The case reported in your columns today (August 28) of the computer error affecting the grades of O-level candidates raises the question whether other undetected computer errors are resulting in injustice and danger.

The statement made by the Secretary of the Cambridge Board that "with new computer programmes [sic] we cannot find out mistakes until something happens" is hardly reassuring. The error was sufficiently gross to excite determined questioning by those most obviously affected. But one dreads to think what might have happened if only a smaller number of pupils had been affected.

There are many other computer applications where errors of this kind would have more serious and even disastrous implications, not least being medical and criminal records.

Is it not time for a Government enquiry to be held into ways and means of legislating to ensure that all potentially dangerous programmes are thoroughly checked before they are used?

Yours faithfully,
P.D.R. TALBOT WILLCOX,
Rodwell House, Middlesex St, [London] E1,
August 28.

------------------------------

End of RISKS-FORUM Digest
************************
-------