risks@CSL.SRI.COM (RISKS Forum) (08/01/90)

RISKS-LIST: RISKS-FORUM Digest  Tuesday 31 July 1990  Volume 10 : Issue 16

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Etalfried Wedd's Loan Authorization (John W. McInroy)
  Pilots vs. automation (Henry Spencer)
  Widespread use of computer simulations as evidence in court (Jon Jacky)
  Oklahoma computer system foulup (Steve Bellovin)
  Big Brother getting bigger (Clifford Johnson)
  RISKS of Publicly-conducted Benchmark Demonstrations (Richard Busch)
  Citibank, ATM, electronic transactions (Melik Isbara)
  USAF ECM systems: software 2 years late (Martyn Thomas)
  A320 FADEC Software Diversity?? (Pete Mellor)
  Hubble problems (Eugene N. Miya)
  Re: Pentagon Pizza (Henry Spencer)
  More on carpal tunnel syndrome/RSI (Blake Sobiloff)
  CTS info requested (Alan Wexelblat)
  Risk Management in the public sector (Request for info) (Mark A. Yedinak)

  The RISKS Forum is moderated.  Contributions should be relevant, sound, in
  good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
  welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
  "Subject:" line (otherwise they may be ignored).  REQUESTS to
  RISKS-Request@CSL.SRI.COM.
  TO FTP VOL i ISSUE j:  ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
  cd sys$user2:[risks]<CR>GET RISKS-i.j <CR>; j is TWO digits.  Vol summaries
  in risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory listing of back issues.
  ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

----------------------------------------------------------------------

Date: Sat, 28 Jul 1990 15:18:54 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Etalfried Wedd's Loan Authorization [FROM John W. McInroy]

We have had tales of computer-perverted names before.  John W. McInroy (Lockheed, Austin) sent me a very cute article by Mike Kelley that appeared in the Austin American-Statesman (23 July 1990, p. A8) describing a computer-generated letter recently received by the Austin law firm of Friedman, Weddington and Hansen.  Their local bank computer referred to the firm account as "Friedman Wedd etal".  This of course led to a letter to Etalfried Wedd from a financial services company, with a "Pre-Approved Loan Authorization" for $750 requiring only a signature, "because you have demonstrated that you maintain a good credit record ..."

In a wonderful spoof that I will only summarize here, Mike Kelley wrote about "Etalfried" answering indignantly that $750 "does not justify the time it takes to sign my name", the finance company upping it to $5,000, another indignant response, then an offer of a loan for $250,000.  The story ends with Etalfried finally getting an unsecured cash loan of $3.4 billion and retiring to "elegant and commodious surroundings on the sea in a small and remote South American country. ... It is also reported that he takes particular delight in reading over and again the account of how Tom Sawyer contrived to whitewash Aunt Polly's fence."

Congratulations to Mike Kelley for spinning a fine yarn.

------------------------------

Date: Wed, 18 Jul 90 22:13:44 EDT
From: henry@zoo.toronto.edu
Subject: Pilots vs. automation

The 30 May issue of Flight International notes an interesting FAA decision.  The latest wonderful innovation for airliners is TCAS, the Traffic alert and Collision Avoidance System, which uses transponder returns from other aircraft to report significant collision hazards and advise the pilots on evasive action.  The first TCAS systems are now in airline testing.

The decision says "...enforcement action will not be initiated against flightcrews who deviate from an assigned clearance issued by air traffic control when that deviation is in response to a TCAS-generated resolution advisory and the response is in accordance with the air carrier's approved flight procedures".

(A "resolution advisory" is, roughly speaking, a report of imminent danger; TCAS can also issue "traffic advisories", milder warnings of potential trouble, not mentioned in the FAA ruling.)

The airlines and the pilots' union are satisfied with this for now, but would like to see changes to the laws, rather than just a promise not to enforce them, in the long run.

This brings to mind an interesting thought: who gets the blame if (when) a TCAS warning *causes* a collision, through either electronic or human confusion?

Henry Spencer at U of Toronto Zoology  utzoo!henry

------------------------------

Date: Tue, 24 Jul 1990 21:57:16 PDT
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: Widespread use of computer simulations as evidence in court

Here are excerpts from THE SEATTLE TIMES, July 23 1990 p. E3:

COMPUTER ANIMATION AIDING LAWYER'S CASES (from the ORLANDO SENTINEL)

ORLANDO, Fla. --- The truck driver claimed he couldn't avoid hitting and severely injuring the 9-year-old riding a bike.  But a one-minute computer simulation depicting the 1986 accident near St. Cloud, Fla., showed that the driver had enough time to miss the rider.  The truck driver's insurance company settled the lawsuit in 1988 for $2.1 million.

...

Whether in depicting auto accidents, plane crashes, industrial accidents or other events, computer animation is fast developing into a powerful legal tool that helps lawyers win cases.  The technology is used primarily by personal injury lawyers who are trying to win big-dollar awards for their clients.

F. Lee Bailey, one of the nation's top trial lawyers, told a group of lawyers at a recent Florida Bar annual meeting in Miami Beach that computer animation is becoming as important as courtroom rhetoric in winning cases.

"There are untold opportunities for the use of animation in the courtroom," said Bob Scott, head of Juris Corp., an Orlando company that produces courtroom exhibits and recently began offering computer animation.
"I believe in five years it will be the predominate methodology in showing demonstrative evidence," Scott said.

[ There is at least one firm in Seattle that specializes in creating computer animations of accidents for use in court.  - JJ ]

Jonathan Jacky, University of Washington, Seattle  jon@gaffer.rad.washington.edu

------------------------------

Date: Mon, 23 Jul 90 23:17:12 EDT
From: smb@ulysses.att.com
Subject: Oklahoma computer system foulup

In Oklahoma, about 18,000 state employees were paid late -- very late -- because of the cutover to a new computer system.  As of today -- 12 days after they should have been paid -- only half of them had received their checks.  The state was forced to use an older computer system to write the checks; additionally, since the news story indicates that they had to draw on a special reserve fund, it would seem that the entire disbursement system, and not just the payroll system, is involved.

The problem -- the new code apparently runs too slowly, and input tapes are in the wrong format.

--Steve Bellovin

------------------------------

Date: Thu, 12 Jul 90 13:54:59 PDT
From: "Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Subject: Big Brother getting bigger

Excerpted from Gov't Computer News, July 9, p.8:

JUSTICE PROCEEDS TO CREATE ITS DRUG INTELLIGENCE CENTER

The Justice Department plans to spend $5 million developing systems for its new National Drug Intelligence Center ... [and] about $55 million to establish the center ... they expect annual operating costs to be about $27 million.  The Justice plan calls for NDIC to become totally operational in 1992 ...  Members of Congress and groups such as Computer Professionals for Social Responsibility and the ACLU have voiced concerns ... they have questioned whether the center might violate privacy laws by using electronic information and linking numerous federal databases into a national database.  Thornburgh attempted to quell these fears saying "It's not 'Big Brother'" ... other agencies involved include the Customs Service, the Coast Guard, the Immigration and Naturalization Service and the FBI.  The Defense Department also has assumed increasing responsibility.

An example of the latter is a similarly expensive facility for the Navy, which will integrate data from various radars, besides listening in on telephone calls and so forth.

------------------------------

Date: 13 Jul 90 14:44:41 PDT (Friday)
From: "Richard_Busch.SD"@Xerox.COM
Subject: RISKS of Publicly-conducted Benchmark Demonstrations

From a recent issue of "Computing," the weekly newspaper of the British Computing Society:

"When it comes to choosing a speedy communications channel in today's technology market-place nothing beats a pigeon.  Fax company Faxit Europe discovered this to its embarrassment, after pitching one of its high-tech fax machines against Joe, a four-year-old Blue Chequer pigeon.

"The company wanted to show at the launch of its new public pay-fax credit card system that fax is quicker than flight.  But they hadn't bargained with Joe, a winner of two open races.  Joe beat the fax in a one mile challenge race, arriving more than a minute before the caricature drawing of him emerged from the machine.

"Executives at Faxit Europe were left perhaps not so much with egg on their faces, but with [...] on their collective shoulders."

[Like pigeon pennies?  PGN]

------------------------------

Date: Fri, 13 Jul 90 02:00:53 GMT
From: isbara@cs.columbia.edu (Melik Isbara)
Subject: Citibank, ATM, electronic transactions

I am posting this article to inform the netters about a problem with Citibank ATM machines and to ask for any information and suggestions.  Please bear with me.

When I received my last bank statement, I noticed three transactions in which $900 was withdrawn from my accounts from a Citibank ATM machine at a downtown NYC branch which I have never used.  ($900 was withdrawn in three transactions.)

FACTS:
1. I did not do those transactions.
2. When they took place I was at work out of NYC.
3. I did not lose my bankcard or give it to anyone.
4. I did not write down my password or tell it to anyone.

After I received my statement I went to my branch and talked to a customer representative.  After a couple of days I got two letters from Citibank saying that the results of their investigation (which consists only of looking at the ATM machine records for those specific transactions) showed that for those transactions my bankcard and my password were used, therefore they could not honor my claim.

Now my guess is that this is most probably a software problem, because last weekend I went to the branch where the money was withdrawn and there was a sign on the door saying that the ATM machines there were out of order.  I also learned that they have been out of order for about a week.

I am going to take legal action against Citibank, therefore I would like to know if anybody is aware of a similar situation or if anyone has any ideas on how this might have happened.  I would appreciate any information and suggestions that can help me to fight Citibank to recover my money and to explain how this event might have happened.

Please e-mail to mii@briar.philips.com or isbara@cs.columbia.edu

Thanks in advance.

Melik Isbara, Columbia University, Dept. of Electrical Eng.

Disclaimer: My employer is not responsible for the content of the article posted above.

------------------------------

Date: Tue, 31 Jul 90 14:37:43 BST
From: Martyn Thomas <mct@praxis.co.uk>
Subject: USAF ECM systems: software 2 years late

According to Flight International (25-31 July 1990, p13), the US General Accounting Office has discovered that the Westinghouse electronic countermeasures (ALQ-131 jammer) on F16s and F111s in Europe are inoperative because "no suitable software had been supplied" for the "Loral receiver-processor", two years after delivery.

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.  Tel: +44-225-444700.
Email: mct@praxis.co.uk

------------------------------

Date: Fri, 22 Jun 90 22:36:18 PDT
From: Pete Mellor <pm@cs.city.ac.uk>
Subject: A320 FADEC Software Diversity??

The Electronic Flight Control System (EFCS) is not the only flight-critical software controlled system on the A320.  The Full Authority Digital Engine Control (FADEC) is another.

Single points of failure of hardware can be eliminated from system design by using redundant components or hardware subsystems.  To achieve a similar design aim where software is concerned requires diversity.  The EFCS in fact incorporates software diversity, hardware design diversity, and hardware redundancy.  See, for example:

  Traverse P.J.: "Dependability of Digital Computers on board Airplanes", Preprints of 'Dependable Computing for Critical Applications', IFIP WG 10.4 Intl. Working Conference, Santa Barbara, CA, Aug. 1989, pp 53-60

I have recently received copies of:

  Cosimo J. Bosco: "Certification Issues for Electrical and/or Electronic Engine Controls."  SAE Technical Paper Series #871844, 1987.  Keywords: EEC electronic engine controls FADEC certification issues

and:

  Federal Register Vol. 54, No. 17, Jan. 27, 1989, Docket No. NM-26: "Special Conditions: Airbus Industrie Model A320 Series Airplane."  (Final special conditions for certification)

Bosco states (p. 20) that "The all electronic FADEC is usually a completely redundant, dual-channel, primary/secondary type of system.  Current systems have successfully employed *ESSENTIALLY THE SAME SOFTWARE* in each of the redundant channels." [my emphasis]

Now, if the same software is loaded into redundant hardware processors, any bug is a potential source of single-point failure of the system as a whole.  Bosco in fact goes on to discuss this very point.

The final special conditions in docket NM-26 do not require diversity as such, only that "...the components of the propulsion control system...must have the level of integrity and reliability of a hydromechanical system (HMC) meeting current airworthiness standards".

In the discussion printed below this statement of the requirement, it is stated that in practice this "...is demonstrated by an inservice loss of thrust control approximately once per 100,000 hours of operation...This level of reliability for the loss of thrust control on one engine will result in an overall airplane propulsion control system reliability that is consistent with the guidance [presumably 10^-9 probability of failure as in AC 25.1309-1] associated with 25.1309(b)(1), *ASSUMING AN INDEPENDENCE OF THE FAILURE CONDITIONS THAT CONTRIBUTE TO THE LOSS OF THRUST CONTROL*." [my emphasis again]

The question that I ask is therefore: "Does the FADEC as *actually* certified on the A320 employ diverse software in the different channels?"

My suspicion is that the FADEC does not incorporate dissimilar software, and that its software can therefore be a source of common mode failure for the whole propulsion control system.  This would seem to contradict the special condition referred to above.  At the same time, the FAA seems to be very well aware of the common mode failure potential of software.

Even if the same two dissimilar programs are present in both FADECs, it is possible for a bug in one homologue to be a common point of failure between the two engines.

FADECs are relatively mature devices.  Does anyone out there have any hard information, particularly references to published papers?

Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB   Tel.: +44 (0)71-253-4399 Ext. 4162/3/1

------------------------------

Date: Sun, 1 Jul 90 17:29:26 -0700
From: Eugene N. Miya <eugene@wilbur.nas.nasa.gov>
Subject: Hubble problems

"Ain't hindsight wonderful?"
First off, any large complex project is bound to have problems.  I'm not saying that I support my employer or defend the HST.  Consider for instance that other institutions are also bound to have used some of the same types of components in their systems: Perkin-Elmer (and its subsidiary), Lockheed, etc. are all going to feel this (in one investigation in which JPL was involved, LMSC was also blasted by Congress).  P-E is making mirrors and instruments for other projects; I would worry about Keck, for instance.

Second, every project is a set of compromises.  I have seen other criticisms of HST in the science press before launch and also had my own criticisms of GSFC.  Those of "us" who have been on "losing teams" aren't off saying "I told you so."  But in finger pointing, it does not help to keep wheat and chaff together.  The less noise when trying to locate problems, the better.

Lastly, it is important to note this isn't bad just for NASA but bad for big science and science projects in general.  I worry about the "climate" for any research in this country, because research tends to fail 90% of the time (if you really need a reference for this I have it).  The next time, it might not be a satellite telescope, but maybe a particle accelerator, a computer project, or who knows.  Are we too involved in finger-pointing and not enough involved to 1) help fix, 2) stay out of the way of those trying to fix (keeping quiet unless we have significant info)?  Are we contributing to the demise of any research funding (DARPA, NSF, NASA, DOE as well as private) at all?

e. nobuo miya, NASA Ames Research Center, eugene@orville.nas.nasa.gov  {uunet,mailrus,other gateways}!ames!eugene

------------------------------

Date: Mon, 30 Jul 90 12:28:23 EDT
From: henry@zoo.toronto.edu
Subject: Re: Pentagon Pizza

>interviewed someone from Domino's and he said that prior to the Panama invasion
>deliveries to the Pentagon jumped 25%.  ...

This sort of thing is not new.  During WW2, John Campbell -- editor of Astounding Science Fiction and essentially the founder of modern SF -- apparently had a wall map with colored pins showing the distribution of A.S.F. sales.  He found it interesting that A.S.F. sold many copies in obscure places like Oak Ridge and Los Alamos, where there wasn't supposed to be anything noteworthy going on...

Henry Spencer at U of Toronto Zoology  utzoo!henry

------------------------------

Date: Wed, 18 Jul 90 12:30:43 edt
From: wex@pws.bull.com
Subject: CTS info requested

Recently, several informative articles on Carpal Tunnel Syndrome (CTS) appeared in RISKS.  I would like to correspond with any RISKS readers who have first-hand experience with the condition and its treatment.  Please write or call me.

--Alan Wexelblat
Bull Worldwide Information Systems
internet: wex@pws.bull.com
phone: (508) 294-7485 (new #)
Usenet: spdcc.com!know!wex

------------------------------

Date: Thu, 12 Jul 90 09:19:38 CDT
From: sobiloff@agnes.acc.stolaf.edu (Chrome Cboy)
Subject: More on carpal tunnel syndrome/RSI

>Date: Thu, 28 Jun 90 14:11:52 EDT
>From: henry@zoo.toronto.edu
>Subject: Re: info on carpal tunnel syndrome (CTS)

Henry Spencer asks:

>What was the incidence of CTS twenty years ago, when electric typewriters
>routinely had non-linear force-depression curves?  Or before that, when
>manual typewriters required far more finger pressure than any modern
>keyboard?  Yet again, we have here a case of a "computer risk" that isn't
>really new, and data from olden days could be very useful in deciding what
>*really* causes it.

Unfortunately I don't know of any data that is available concerning RSI in typists before the introduction of computers to the work environment.  However, what Henry is overlooking is how a typist's job has changed with the advent of computers.  Instead of having to pause every page to change the paper, and in some cases at the end of every line to return the carriage, now a person can sit at a computer uninterrupted for hours on end.  This greatly increases the amount of stress on the carpal tunnel because there is very little variance in movement any more.

I agree that it would be nice if there were data from the "olden days" that details typists, but all the data I am aware of (which isn't much) deals with RSI in factory workers.  I wish I could interpret this as meaning that RSI was not prominent enough to garner any attention, but that would be overextending the data (or lack thereof).

Also, RISKS readers might want to familiarize themselves (if they aren't already) with the RSI problems in Australia.  This is a very interesting situation where the incidence of RSI is very high, but there is some data that suggests that the explosion of RSI cases may have more to do with unsatisfactory work conditions (pay, not posture) and the health-care system's treatment of RSI than with actual physical problems.  I'm afraid I don't have any references handy, but I could provide them in short order if anyone wishes to pursue this further.

Blake Sobiloff, St. Olaf College

------------------------------

Date: 17 Jul 90 14:26:12 GMT
From: yedinak@motcid.UUCP (Mark A. Yedinak)
Subject: Risk Management in the public sector (Request for info)

I am posting this for my father, who is looking for text on the subject of Risk Management within the public sector.  He is interested in automating a materials handling system and would like information on the risks associated with automation of similar systems.  He would also be interested in any other significant articles relating to risk within the material control and financial management areas.

Email can be sent to me directly at the below address or to him via US Mail or fax at:

Mike Yedinak, Chicago Transit Authority
Merchandise Mart Plaza Room 725
Chicago, IL 60654
Fax: 312-763-6369

Thanks for the assistance.

Mark A. Yedinak, Motorola - General Systems Sector, 3205 Wilke Road, Arlington Heights, IL 60004  708-632-2874 - uunet!motcid!yedinak

------------------------------

End of RISKS-FORUM Digest 10.16
************************
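The independence assumption that Pete Mellor emphasises in his A320 FADEC message above, worked through in numbers. This Python is an added illustration, not part of the digest or of any cited document: the 1e-5/hour per-engine figure and the 1e-9 guidance figure are those quoted in his message, while the beta-factor common-cause model and the beta values tried are assumptions made here; it also solves for the largest common-mode fraction the target tolerates, which the message does not do.

```python
"""Common-mode failure arithmetic for a dual-channel engine control.

Added illustration, not from the digest.  Inputs taken from the Mellor
message: loss of thrust control on one engine about once per 100,000
hours (1e-5/h) and the 1e-9/h guidance figure he presumes from
AC 25.1309-1.  Modelling assumption made here: the beta-factor model,
in which a fraction beta of a channel's failures is common to both
engines (the same defect in identical software, triggered by the same
condition) and the remainder are independent.
"""
from math import sqrt

LAMBDA = 1e-5   # per-engine loss of thrust control, per flight hour (message)
TARGET = 1e-9   # guidance figure for the both-engines case (message)


def dual_loss_rate(lam: float, beta: float) -> float:
    """Per-hour rate of losing thrust control on both engines.

    Independent part: both channels must fail in the same hour, so the
    independent per-engine rate (1-beta)*lam is squared.  Common-mode
    part: a shared defect fires at rate beta*lam and takes out both.
    """
    independent = ((1.0 - beta) * lam) ** 2
    common_mode = beta * lam
    return independent + common_mode


def max_common_mode_fraction(lam: float, target: float) -> float:
    """Largest beta for which dual_loss_rate(lam, beta) <= target.

    Solves lam^2 (1-b)^2 + lam b = target, a quadratic in b:
        lam^2 b^2 + (lam - 2 lam^2) b + (lam^2 - target) = 0
    using the numerically stable form of the positive root (the naive
    (-c + sqrt(disc)) / 2a cancels badly at these magnitudes).
    Returns 0.0 when even fully independent channels miss the target.
    """
    a = lam * lam
    c = lam - 2.0 * lam * lam
    d = lam * lam - target
    if d >= 0.0:
        return 0.0
    disc = c * c - 4.0 * a * d
    return min(1.0, -2.0 * d / (c + sqrt(disc)))


def meets_target(lam: float, beta: float, target: float = TARGET) -> bool:
    """True if the dual-engine rate under this beta stays within target."""
    return dual_loss_rate(lam, beta) <= target


if __name__ == "__main__":
    print(f"independent channels:  {dual_loss_rate(LAMBDA, 0.0):.2e}/h")
    for beta in (1e-4, 1e-3, 1e-2):           # constructed trial values
        rate = dual_loss_rate(LAMBDA, beta)
        verdict = "ok" if meets_target(LAMBDA, beta) else "exceeds target"
        print(f"beta = {beta:.0e}:  {rate:.2e}/h  {verdict}")
    print(f"largest tolerable beta: {max_common_mode_fraction(LAMBDA, TARGET):.2e}")
```

With fully independent channels the dual-engine rate is 1e-10/h, an order of magnitude inside the target; a shared-software fraction of only about 9e-5 of each channel's failures uses up that whole margin, and beta = 1e-2 puts the dual-engine rate near 1e-7/h.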