risks@CSL.SRI.COM (RISKS Forum) (09/07/89)
RISKS-LIST: RISKS-FORUM Digest Wednesday 6 September 1989 Volume 9 : Issue 22
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Paris computer takes law into its own hands (ST4012704 and Sally Jubb)
Brian Randell's comment on fault/failure analysis (Ted Lee)
Re: US occupational hazards much worse than in Europe (Mats Ohrman)
Re: medical systems and RF interference (Brian Kantor)
Re: mis-tagging (Olivier Crepin-Leblond)
Electronic House Arrest Failure (Martyn Thomas)
Re: Lowest-bidder or weak specs? (Henry Spencer)
Re: Law == Ethical Consensus (Douglas W. Jones, Victor Yodaiken,
Gilbert Harman, Eric Hughes, Bill Murray, Joel M. Halpern)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
cd sys$user2:[risks]<CR>get risks-i.j . Vol summaries now in risks-i.0 (j=0)
----------------------------------------------------------------------
Date: Wed, 06 Sep 89 17:34:18 BST
From: ST4012704@PRIME-A.OXFORD-POLY.AC.UK
Subject: Paris computer takes law into its own hands
(From "The Guardian" - National Daily Newspaper) Wed 6-Sep-1989
A crusading computer has taken the law into its own hands and caught 41,000
Parisians on charges of murder, extortion, prostitution, drug trafficking and
other serious crimes. But the big round-up ended in embarrassment after an
admission by the City Hall yesterday that the electronic Batman could not tell
the difference between a parking offfence and gang warfare. "The accused
persons will be receiving latters of apology." an official at the City Hall
Treasury department said. "Instead of receiving summonses on criminal charges,
they should have been sent reminders of unpaid motoring fines in April. Somehow
or other the standard codes we use for automatically issued reminders got mixed
up."
The first hint of the avenging computer's self-appointed mission to clean up
the capital came at the weekend. Hundreds of Parisians received printed
letters accusing them of big crimes, but demanding only petty fines for the
major crimes of between #50 and #150 (pounds - UK equivalent). "About 41,000
people are involved and some of the charges are quite weird." the official
admitted. "One man has complained of being accused of dealing in illegal
vetinary products. Unfortunately, other accusations went much further, like
man-slaughter through the administraion of dangerous drugs." "There were a lot
of cases of living off immoral earnings, racketeering and murder." The
official said an inquiry had been started to see if the caped computer had a
human accomplice. So far, no one has asked the Joker if he was in Paris last
week.
[Also noted by Sally Jubb <salj@hplb.hpl.hp.com> ]
------------------------------
Date: Tue, 5 Sep 89 21:05 EDT
From: TMPLee.TIS@DOCKMASTER.NCSC.MIL
Subject: Brian Randell's comment on fault/failure analysis (RISKS-9.21)
I'd like to add one postscript to Brian Randell's observations about the
difficulty (impossibility? perhaps) of analyzing the failure modes and latent
defects of complex computer systems. Fault tree analysis, etc., may well be
valid and useful if all one is doing is estimating the probability of failure
under "normal" (even if stressed to the extreme by incompetent operators or
"acts of God") operation. One must note, however, that if the system is being
"stressed" by a conscious, knowledgeable, determined, perhaps well-funded,
"enemy" even his pessimistic analysis is too-optimistic: if the system has
exploitable flaws they WILL be found; it's only a question of time and energy.
------------------------------
Date: Wed, 6 Sep 89 08:14:23 GMT
From: matoh@sssab.se (Mats Ohrman)
Subject: Re: US occupational hazards much worse than in Europe, report claims
JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky) writes:
>... The National Safe Workplace Institute found that more workers are
>killed on the job in this nation than in most other industrialized
>countries. ... US workers are 36 times more likely to be killed than
>a Swede,
>[ Such a big difference is surprising to me. Is this for real? It
>is often noted that European safety regulations are generally more
>stringent than those in the US.
Doesn't surprise me. Swedish safety regulations are VERY strict.
*Any* place with more than five employees has to have a safety ombudsman,
an employee trained to recognize hazardous situation, who has the authority
to stop any work that seems dangerous. Death accidents at work (other
than traffic accidents) are rare enough to usually make it into the national
media (and draw rather large headlines).
On the other hand, there are people comparing living in Sweden to living in a
padded cell. Oh, well...
_
Mats Ohrman
Scandinavian System Support AB, Box 535, S-581 06 Linkoping, Sweden
------------------------------
Date: Tue, 5 Sep 89 21:24:24 -0700
From: brian@ucsd.edu (Brian Kantor)
Subject: Re: medical systems and RF interference (Ranzenbach, RISKS-9.21)
If your radio was part of an 800MHz "trunked" radio system, it may have
transmitted even when you were not keying the microphone.
Trunked radio systems work by sharing a pool of channels between many users.
When a user transmits, he briefly interrogates the controller and is
temporarily assigned one of the pool of channels for his use. After some idle
time, the channel is considered available for use by other members of the
trunked system. Normally each mobile (which includes portables, etc) is
monitoring a "home" channel, but when any unit in the system transmits, the
repeater controller sends a signal out that directs ALL the units of that
customer to switch to the channel chosen, typically for the duration of the
dispatch. The mobiles normally do NOT acknowledge this switching, so they
don't transmit for that reason. In this way they differ from a cellular
telephone.
However, it is possible to equip mobiles with unit status reporting that allows
the base or repeater to poll each unit for its current status and can even be
used (in wide-area multiple-receiver trunked systems) to guess a rough location
of the unit. If your system were equipped with such an option, it might well
cause your walkie to key up even if you aren't talking on it.
There are, of course, other reasons for radios to key inadvertently. I recall
a prime example when the local fire department kept getting jammed; it turns
out that water from the fire hoses was spraying into a gap in the external-
microphone plug in their walkies and keying the transmitter. Of course it only
happened when they needed a clear channel most: at a working fire.
However, NO piece of life-support equipment should be as RF sensitive as you
describe that respirator to be. There is simply too much RF in the world
around us to allow that kind of shoddy design.
- Brian
------------------------------
Date: Fri, 1 SEP 89 14:35:29 GMT
From: Olivier Crepin-Leblond <ZDEE699@elm.cc.kcl.ac.uk>
Subject: Re: mis-tagging
The UK experiment with electronic tagging does apply ONLY to remand prisoners
who are not necessarily 'criminals' in the sense of killing/attempting to kill
someone. I referred to them as criminals, since in the English language, you
can call any breach of the law a crime. Speeding on the highway is a 'crime'.
Anything which is punishable by law can be put under a general heading of
'crime'. However don't take my word for this since I am French, so I am sure
that other people are more qualified than me to decide about this. I thank
Geraint Jones for pointing this out. I just didn't think people would get
confused about this.
Olivier Crepin-Leblond, Electrical & Electronic Eng,
Comp. Sys. & Elec., King's College London, UK.
------------------------------
Date: Mon, 4 Sep 89 12:15:53 BST
From: Martyn Thomas <mct@praxis.UUCP>
Subject: Electronic House Arrest Failure
A recent RISKS reported the experiment with electronic "tagging" of a
suspect awaiting trial in the UK. The system seemingly involves a transponder
permanently attached to the suspect's leg, interrogated at random by a
transmitter attached to a phone. If the transponder fails to respond, the
police are alerted that the suspect may have "escaped".
Datalink newspaper (September 4th) reports that "the only person to have
been tagged [ ... ] was woken in the early hours last week when a fault in
the [ ... ] system keeping tabs on him alerted the police to an 'escape'. "
Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
------------------------------
Date: Tue, 5 Sep 89 23:11:36 -0400
From: henry@utzoo.UUCP
Subject: Re: Lowest-bidder or weak specs? (RISKS-9.18)
>2. Discard the highest and lowest bids. (Since all bidders are bidding
>on the same job, if the bids are wildly out of range there's either a
>problem with the spec or the vendor.)
Unfortunately, discarding the low bid *sometimes* disqualifies precisely
the people who are best suited to do the job: the ones who have found a
new approach that radically simplifies the problem. The Douglas proposal
for what became the A-4 Skyhawk (1950s carrier-based light bomber) specified
half the weight -- and half the price -- that everybody else thought
reasonable. In the beginning, everyone thought Ed Heinemann (the chief
designer at Douglas) was either crazy or trying to pull a scam. The
Skyhawk arrived on schedule, on spec, on budget, on price, and on weight,
and was built by the thousands in an enormously successful program.
If the bids are wildly out of range, it may be because somebody's got more than
usual insight into what's going on. This might be either a realistic
assessment of the real cost of the project, leading to a high bid, or a new
approach, leading to a low bid. Either way, accepting the out-of-line bid
could be the right thing to do. Unfortunately, it's really hard to tell for
sure. You can't just look for some radical difference in the proposals,
because there may not be one. Heinemann didn't coat the Skyhawk with
antigravity paint; he was just unusually firm and thorough about finding ways
to reduce weight.
Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry henry@zoo.toronto.edu
------------------------------
Date: Wed, 6 Sep 89 09:31:16 CDT
From: Douglas W. Jones <jones@pyrite.cs.uiowa.edu>
Subject: Re: Law == Ethical Consensus
I must take issue with Scott Guthery's piece in RISKS DIGEST 9.21,
dated 4 Apr 88 (no doubt, due to unusual congestion somewhere in UUCP).
He says that
> The law *IS* the current ethical consensus.
I will not argue that point, leaving that issue to those more versed in
both the law and ethics.
He goes on to conclude that
> A teacher in a institution receiving U.S. taxpayer support is legally
> obliged to state from the front of the classroom that if it isn't illegal
> it is by definition ethically correct.
This is nonsense.
I am an associate professor at the University of Iowa, supported totally by
tax dollars. Like most publically supported universities, we teach courses
on ethics and on religion, and even in our computer science classes, we
occasionally discuss ethical issues that are not addressed by the law.
Although the public school systems of our country have seemed to have an
incredibly difficult time with doing this, the universities have always done
it. The key do doing so is fairly obvious.
The University of Iowa College of Liberal Arts Classroom Manual (1983) governs
the conduct of classes in my college. It states
> No limitation is placed upon the teacher's freedom of expression in the
> exposition of the teacher's own subject in the classroom or in statements
> made outside the classroom, so long as these statements are in good taste.
> However, members of the faculty are morally bound not to take advantage of
> their positions by introducing into the classroom provocative discussions
> of irrelevant subjects that are clearly not within their respective fields
> of study.
Note that we are not bound by any written contract to obey these rules, nor
are these rules legislatively sanctioned. These rules do not represent the
"moral consensus" of the state. Rather, they represent the "moral
consensus" of the college. In a sense, the faculty of the college have
imposed this rule on themselves in order to avoid situations that might
force the state to reach it's own "moral consensus", codified in law, that
might limit our freedom to teach.
If I were to follow the logic Scott Guthery proposes, the fact that the state
has taken no legislative stand on what I can teach would imply that it is
completely moral for me to teach anything I want.
It is pretty obvious that the statement in our classroom manual is not really
restrictive enough, especially for those teaching in the departments of
religion, economics, political science, and philosophy. In those departments,
our code would suggest that faculty members would be entitled to advocate or
even require adherence to particular religious, economic, political and
philosophical stands, but doing so is clearly dangerous because it could bring
a legislative reaction. Faculty members in those departments almost always
have personal stands on such issues, and they are allowed to make their
personal views clear, but at the same time, they are expected to tolerate
students who disagree with their personal views and not try to impose those
views.
Fortunately, we have ethical traditions (most of which are not written into
law) which allow us to retain our freedom of expression. It might almost
be appropriate to state the following rule as an alternative to Guthery's
statement:
Laws are enacted when people fail to adhere to reasonable self-imposed
ethical standards.
Peer groups (friends, neighbors, fellow professionals) can all act to
reenforce such standards. For example, we have an ethical consensus that
stealing is bad, but no laws would have been enacted if it hadn't been for
the fact that, despite this consensus, some people steal. In the professions,
we have the opportunity to promulgate ethical codes, and in most mature
professions, we can impose these codes on ourselves, providing methods to
discipline our peers who fail to adhere to these codes. The more we succede
in our efforts at regulating our own behavior, the less need there is for
society as a whole to reach a "moral consensus" about how we should have
behaved, and encode this consensus in law.
Douglas W. Jones, Associate Professor of Computer Science, The University of Iowa
[I first thought the date might have been a belated April Fool's gag. I
suspect I stripped away some of the preceding header that would have indicated
a REMAILing of an old item that had not previously appeared in RISKS.
Recycling hits high gear? PGN]
------------------------------
Date: Tue, 5 Sep 89 21:07:04 EDT
From: yodaiken%freal@cs.umass.edu (victor yodaiken)
Subject: Re: Law == Ethical Consensus (RISKS-9.21)
Scott Guthery writes in RISKS 9.21 :
>A teacher in a institution
>receiving U.S. taxpayer support is legally obliged to state from the
>front of the classroom that if it isn't illegal it is by definition
>ethically correct.
This is false, and ethically incorrect.
------------------------------
Date: 5 Sep 89 23:36:47 GMT
From: ghh@clarity.princeton.edu (Gilbert Harman)
Subject: Re: Law == Ethical Consensus (RISKS-9.21)
Scott Guthery [...] is confused. (1) The law *IS NOT* the current ethical
consensus. (2) The current ethical consensus, if there were one, is not the
same thing as what is ethically correct. (3) What is ethically correct is
distinct from what is required by one or another religion. (4) A teacher in an
institution receiving U.S. taxpayer support who says that, "if it isn't illegal
it is by definition ethically correct" should be dismissed for incompetence
both in ethics and in knowledge of definitions.
Gilbert Harman, Princeton University Cognitive Science Laboratory
221 Nassau Street, Princeton, NJ 08542 HARMAN@PUCC.BITNET
------------------------------
Date: Tue, 5 Sep 89 17:21:13 PDT
From: hughes@bosco.Berkeley.EDU
Subject: Re: Law == Ethical Consensus (RISKS-9.21)
Religion is not the only other source of ethics in the world. Philosophy, the
largest such source, is not the same as religion nor is it the same as the law.
Do not blur the distinction between ethics and morals.
The ethics as found in the law should be the _minimum_ required.
Eric Hughes hughes@math.berkeley.edu ucbvax!math!hughes
------------------------------
Date: Tue, 5 Sep 89 21:43 EDT
From: WHMurray.Catwalk@DOCKMASTER.NCSC.MIL
Subject: Law, religion and ethical norms
It is said that in Soviet Russia everthing that is not explicitly permitted
is implicitly restricted. Mr. Guthery suggests that in the U.S. everything
that is not illegal is implicitly permitted. He seems to feel, indeed claims
to know, that in public institutions to claim otherwise is to violate the
constitutional ban on state recognition of religion.
Of course, the implication is that law and religion are the only sources of
ethical and moral norms. If the source is not law, then it must be religion.
For the state to espouse such a norm is to recognize religion.
If indeed state institutions are behaving this way, it would explain a great
deal. It would explain viruses, drug abuse, a quarter of a million teen
pregnancies, and a million abortions. It would explain 200,000 deaths per
year from the use of tobacco, and 20,000 deaths a year from driving under
the influence of alchohol.
If state institutions are behaving this way, it would have to fall into the
category that Bob Courtney calls "malicious compliance," conforming to the
law only when compliance will make the law appear absurd.
Of course, there are other sources for judging right behavior besides law and
religion. They include community interest, enlightened self-interest,
legitimate national interest, contract, professional ethics or practice, and
other concepts of fairness, justice or equity. To that list one can add
tradition and religion. However, I confess that when I first created the the
list, I forgot tradition and religion; they did not even occur to me until I
read Mr. Guthery's posting.
Now, I confess that I erred grievously. I suggest that all those that would
suggest that law and religion are the only sources of norms of right conduct,
err even more. The position is so absurd, that had I not left religion off my
list, equally absurd, I might be tempted to conclude that they were malicious.
That is, they took their position in order to demonstrate that the state must
recognize an establishment of religion.
William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: 6 Sep 89 15:22:24 GMT
From: jmh@ns.network.com (1606)
Subject: Re: law == Ethical Consensus
In his article, Scott Guthery states that a Professor at a tax
supported institution is required to assert that Law == Ethical behavior.
This is not true, and does not reflect either the law or the ethical
guidelines of any of the major professional societies. I agree that the
proliferation of non-legal guidelines does not provide a good basis for teaching
ethics in computer science. However, the separation of Church and state does not
prevent the teaching of a course on Ethical behavior of computer scientists. Nor
does it restrict such a course to an explaanation of the legal constraints.
(Not that there are Religion departments at most major tax supported
institutions. Also, most philosophy departments have several course on ethics,
including history and modern thoughts. These courses often deal with the
question of whether certain behaviour is ethical under a certain theory. Often
this is reflected against the background of the students and professors natural
inclinations and insights into the topic.)
Joel M. Halpern, Network Systems Corporation
------------------------------
End of RISKS-FORUM Digest 9.22
************************