RISKS@CSL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (08/08/86)
RISKS-LIST: RISKS-FORUM Digest, Thursday, 7 August 1986 Volume 3 : Issue 33
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Air traffic computer failure (Hal Perkins)
Re: Laserprinter dangers (Sean Malloy)
Re: Expert system to catch spies (Rich Kulawiec)
Survey of Computer Professionals (Kurt Hyde)
** CORRECTION FOR RISKS-3.32,
** The Recent Near-Disaster for the Shuttle Columbia (Peter G. Neumann):
** THE FIRST PARAGRAPH, BEGINNING
** "WASHINGTON - The space shuttle Columbia (the launch preceding ...",
** WAS FROM THE NY TIMES SUMMARY, NOT THE AP. (IT IS QUOTED THEREAFTER,
** AND WAS MEANT TO HAVE BEEN DELETED AS REDUNDANT... SORRY. PGN)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j.
Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.)
----------------------------------------------------------------------
Date: Fri, 8 Aug 86 00:14:04 EDT
From: hal@gvax.cs.cornell.edu (Hal Perkins)
To: risks@csl.sri.com
Subject: Air traffic computer failure
From the New York Times, Thursday, August 7, 1986, p. A10.
Computer Failure Snarls Chicago Air Traffic
WASHINGTON, Aug. 6 (UPI) -- The main computer used by air traffic
controllers at Chicago Center, the Federal Aviation Administration's
busiest facility, failed Tuesday, delaying hundreds of flights, an
agency spokesman said today.
The failure, which lasted two hours, during which a backup computer
operated, caused no safety-related incidents, a spokesman, Robert
Buckhorn, said.
The incident at 2 P.M. was caused by the failure of a computer
element that feeds the computer radar information and other data
critical to tracking and directing flights in the crowded Chicago
airspace, agency sources familiar with the breakdown said.
In Chicago, agency sources said some of the main computer's functions
were restored Tuesday afternoon. Mr. Buckhorn said the problem was
completely corrected at about 6 A.M. today.
[Anybody know further details about this? HP]
------------------------------
Date: Thu, 7 Aug 86 06:55:10 pdt
From: malloy@nprdc.arpa (Sean Malloy)
Subject: Re: Laserprinter dangers
To: RISKS@CSL.SRI.COM
Cc: gh%ai.toronto.edu@CSNET-RELAY.ARPA
>From: Graeme Hirst <gh%ai.toronto.edu@CSNET-RELAY.ARPA>
>Subject: Re: Laserprinter dangers
>
>The one exception I can think of is my city tax and water bills, which have
>(on plain colored paper) the most ornate laser-printing imaginable -- which
>required some amazing hacking on the Xerox 9700. Duplicating this would be
>of the same level of complexity as forging pre-printed stock ...
This is less of a problem than you might imagine -- Any good laser printer
has a page control language, such as PostScript on the Imagen laser printer
at my office, that can output bitmap images. And with the availability of
graphic input devices like digitizing cameras and image scanners, the
problem of entering ornate output formats is due more to the price of the
input devices than the actual input itself.
And even if you have to put the paper through twice, once for the fixed
ornate work, and once for the text of the bill itself, the result is going
to look like the real thing. And with some of the page layout packages like
InterLeaf, the whole output can be laid up for each page on a single pass,
at the expense of speed of output (InterLeaf eats an amazing amount of CPU
time).
Simply having a complex output format isn't enough to prevent forgery --
all that will happen is that the forgers will have to resort to the
same technology that created the image in the first place.
Sean Malloy, Naval Personnel R&D Center, malloy@nprdc
------------------------------
Date: Thu, 7 Aug 86 22:57:24 est
From: Whitewater Wombat <rsk@purdue-asc.ARPA>
To: risks@csl.sri.com
Subject: Re: Expert system to catch spies
Mr. Rosa's recommendation that expert systems be used in order to identify
potential spies certainly has some chilling Orwellian overtones, and also
highlights certain misconceptions about expert systems.
The cross-correlation of credit histories, bank records, major purchase
receipts, customs logs, and so on, is certainly a monumental task, given the
size of the databases involved if such a program were applied on a national
scale; but this sort of problem seems to me to be within the reach of
ordinary database query systems. In my opinion, a program which performs
such searching operations is not an expert system, but a (smart) database
manager. Calling it an expert system does not make it one.
Chris McDonald points out another important problem; "suitability", in terms
of whatever criteria are employed, does not necessarily imply guilt. For
example, if I were to design the criteria, I might direct the program to
search for frequent overseas travellers with multiple bank accounts and
expensive automobiles. Of course, the resultant list of "suspects" would be
huge, and would probably contain a great number of prominent business
executives. Certainly, this is a facetious example, but extending and
refining the criteria will only partially reduce the list. Given the
initial (huge) size of the search space, I wonder whether the reductions
would ever be sufficient to reduce it to a humanly-manageable size. I
speculate that a case-by-case examination of the list would simply not be
feasible.
Finally, the public at large (apparently including Mr. Rosa) does not
seem to understand that expert systems are built to embody the
knowledge of human experts. (Perhaps this will eventually change;
but I am as yet unaware of any self-taught expert system.) System
architects spend a great deal of time querying human experts to find
out how they reason about the problem space, and then attempt to
construct a system that (loosely) mimics that process. To a large
extent, the efficacy of an expert system depends upon the expertise
of those whose collective experiences were tapped to build it. If a
spy-catching expert system is to be reasonably successful, then at
least one human expert must be found...but is there one? Is there at
least one person whose acumen is comparable with, say, the medical
diagnostic skills of the physicians involved in the Mycin project?
My intuition says that there is not. (But I'll hedge my bets by
observing that if the U.S. government actually had such a person in
their employ, they'd be unlikely to publicize that fact.) It seems
to me that Mr. Rosa is invoking the modern magic buzzword "expert
system" as if he expects a team of software engineers to solve
national security problems for him. Given the limited (impressive,
but limited) success that expert systems have enjoyed in such highly
restricted problem domains as mineralogical prospecting and computer
system configuration, I doubt that they'd be much help in such a
wide-open area as espionage.
Rich Kulawiec, pucc-j!rsk, rsk@j.cc.purdue.edu, rsk@purdue-asc.arpa
------------------------------
Date: Thursday, 7 Aug 1986 07:32:41-PDT
From: hyde%vax4.DEC@decwrl.DEC.COM (Kurt Hyde DTN 264-7759 MKO1-2/E02)
To: risks@sri-csl.ARPA
Subject: Survey of Computer Professionals [REPLY TO KURT, NOT RISKS]
Survey of Computer Professionals Regarding Computerized Voting
Please return to TOPCAT::HYDE on Digital's Engineering Net by
Tuseday, August 12th.
1) Would you trust a computerized voting system if did not allow you
to monitor how it worked nor did it allow you to inspect the ballot
it cast for you?
YES, I would trust it NO, I not would trust it
2) Would you trust a computerized voting system if did allow you to
monitor how it worked, but did not allow you to inspect the ballot
it cast for you?
YES, I would trust it NO, I not would trust it
3) Would you trust a computerized voting system if did not allow you
to monitor how it worked, but it did allow you to inspect the ballot
it cast for you?
YES, I would trust it NO, I not would trust it
4) Would you trust a computerized voting system if it allowed you to
monitor how it worked and allowed you to inspect the ballot it
cast for you?
YES, I would trust it NO, I not would trust it
[Presumably Kurt will share the results with us. A
sequence of four answers (YES or NO) will suffice. PGN]
------------------------------
End of RISKS-FORUM Digest
************************
-------