RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (07/22/89)
RISKS-LIST: RISKS-FORUM Digest Saturday 17 June 1989 Volume 8 : Issue 81
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Re: Disarmament by defect (Gary Chapman)
Medical history-on-a-card? (Ellen Keyne Seebacher)
No backups -- TOWER of Babel (Sam Cramer)
'Blip' Blows Computers Back to Paper Age (Mark Osbourne)
Re: Computer electrocutes chess player who beat it! (O. Crepin-Leblond)
Re: Hartford Coliseum (Richard S. D'Ippolito)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com. FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).
----------------------------------------------------------------------
Date: Fri, 16 Jun 89 13:49:57 PDT
From: chapman@csli.Stanford.EDU (Gary Chapman)
Subject: Re: Disarmament by defect
The plot of the latest John LeCarre novel, *Russia House*, involves a Soviet
physicist who goes by the code name Goethe, who, in the story, was for many
years in charge of the Soviet ICBM testing program, and created the telemetry
encryption schemes that the Americans had been trying to break for many years
(telemetry encryption is a serious dispute between the U.S. and the Soviets in
real life). Goethe has an attack of conscience, and decides to reveal to the
West that Soviet ICBMs are virtually duds--if they get out of their silos at
all, they're just as likely to hit Minsk as Chicago. All of contemporary U.S.
strategic theory, and strategic spending (hardened silos, SDI,
launch-on-warning, etc.), is of course based on the assumption that Soviet
missiles can fly right down the silos of Minuteman IIIs and MXs over here.
The interesting part of this story is the effect that Goethe's information has
on U.S. authorities. The defense contractors go ballistic, if you'll pardon
the pun. Their whole raison d'etre is based on continuing technological
refinement to counter a Soviet threat that is suddenly no longer there. The
"Bluebird" documents (Goethe's notebooks) also call into question the whole
multi-billion dollar apparatus of U.S. surveillance and intelligence analysis
in the strategic arena--satellites, listening posts, KC-135s, trawlers, etc.,
not to mention brigades of experts. And the implication is that the U.S.
arsenal is really no better, that we've all been living with the colossal
implications of two enormous nuclear arsenals, and in actual fact neither one
really works at all.
The result of this revelation from Goethe is largely just an escalation of the
current stalemate between doves and hawks. The hawks claim Goethe's
information is sophisticated disinformation, and if the information is
deliberate disinformation then the claims of Soviet incompetence *must* mean
that the missiles are actually even *more* accurate than we suspect. The doves
claim that the information is accurate, and that there is no rationale for
extravagant weapons systems that are supposed to protect us from a threat that
has always been a hoax. This debate produces paralysis.
It would seem to me that technologists and scientists, contemplating the
awesome significance of the integrated nuclear system that we live with every
day, would want to know, objectively, whether the damn thing will work when it
is called upon. Once this fact had been established one way or another, it
would be immensely easier to grasp what sort of problems we face that can be
bracketed out from the technological uncertainty that saturates the whole
nuclear system. But, since a "test" of nuclear war is impossible--or at least
so wildly crazy that no sane person would propose it seriously--we have an
enormous, fundamental precedent for building other technological systems that
have great risk, that cannot be tested, that are inseparable from political
persuasions and irrational faiths, and which incrementally add momentum and
depth to this process of scientific and technological corruption. Goethe
suggests that when his scientific notebooks are published, they be titled "The
Biggest Lie Ever," or something like that. But even Le Carre doesn't seem to
realize how big the lie really may be--it may no longer be confined to nuclear
weapons, but in fact may be endemic in a whole host of technologies that have
been generated within the same, now one-dimensional epistemology of modern
engineering--"we hope it will work; if it doesn't get back to us."
-- Gary Chapman, Computer Professionals for Social Responsibility
------------------------------
Date: Fri, 16 Jun 89 16:02:38 CDT
From: "Ellen Keyne Seebacher" <see1@tank.uchicago.edu>
Subject: medical history-on-a-card?
The following item appeared in SELF magazine (aimed at younger working
women) a couple of months ago, and I've heard nothing about it since:
"Credit-card-size medical records are being used in several pilot
programs in the U.S., and the British government is thinking about
issuing them to the entire population. The pocket-sized plastic
"smartcard" has a thin computer chip that stores basic info. -- blood
type, allergies, current health and prescriptions -- plus a summary of
insurance coverage. Down the road: "optical memory cards" using laser
technology similar to compact discs. These could store a person's
entire medical history from birth to death, including diagnoses from
every visit to a doctor. The card could even plug into a computer to
produce the patient's X-rays on a TV screen."
The technology under discussion here was not entirely clear: a "thin
computer chip" -- like that in a calculator? How would this be
read/written to? (A friend has told me that
when media ignorami use the words "computer chips", they
could mean just about anything. In the context of "smart
cards" they do in fact mean a tiny CPU and some memory,
with electrical contacts on the card.
.)
I had initial visions of people carrying their medical records around
next to their ATM cards, with the same results -- like scrambling due
to magnetic wallet clasps. The problems of storing an "entire medical
history" on a card are even worse: lost cards, thefts, and invasion
of privacy on a mass scale. Is this a naive assessment of RISK?
(I'm really interested in this. Would anyone with "smart card"
experience care to comment?)
Ellen Keyne Seebacher, Academic and Public Computing, Univ. of Chicago
------------------------------
Date: Fri, 16 Jun 89 14:28:16 PDT
From: cramer@Sun.COM (Sam Cramer)
Subject: No backups -- TOWER of Babel
Another example of not keeping back-ups: I went into Tower Video about 6
weeks ago, selected a tape to rent, and presented the cashier with my Tower
Video card. He told me that he'd have to issue me a new card number, as
the old database had been wiped out in a crash. Tower is a chain; this
loss of data was evidently company-wide.
I guess prospective Supreme Court justices should rent from Tower! Sam
------------------------------
Date: Fri Jun 16 08:59:56 1989
From: osbourma@asd.wpafb.af.mil (Mark Osbourne)
Subject: 'Blip' Blows Computers Back to Paper Age
Dayton Daily News - Tuesday June 13, 1989 Page 3
Office workers, police dispatchers and bank customers got a little taste
of what life would be like without computers Monday when systems across
Montgomery County crashed all at once because of a little electrical "blip".
A power failure of less than a second caused lights merely to flicker,
but was enough to trip circuit breakers in some buildings and zap scores of
computer systems into temporary chaos.
The county's new 911 computer-aided police and fire dispatch system was
affected, delaying response time on some calls.
"It tool down the county's mainframe (computer)," said Sgt. Richard
Elsner, 911 coordinator for the Montgomery County sheriff's office. "We had
calls lined up in the computer waiting to be dispatched, and we just lost
everything. Fortunately, we didn't have any emergency callers waiting."
Dayton Power and Light Co. spokeswoman Ethel Washington said the utility
was unsure what caused the power failure, which she called a "blip." She
said that "with something that quick, we may never know."
The lights flickered in the sheriff's dispatch center in the basement
of the Montgomery County Jail at 11:18 a.m., Elsner said. "The lights went
off for less than a second - I thought somebody cut across the lines or
something," he said.
A second momentary pulse occurred about 11:30 a.m., he said.
The computer failure scrambled things for a few hours, but crews were
dispatched as they were before the computer system was installed. "The
radios are still working," Elsner said.
Washington said DP&L's computers in the West Dayton office, from which
she was calling also were down.
For reasons of security, many private users were mum about the power
failure's effect on their computer systems, "It was nothing major," Society
Bank spokeswoman Susan Byers said.
Nevertheless, customers at several banks were unable to make
transactions at automatic teller machines until the mess was straightened
out.
Tina Hamden, general manager of All World Travel, said airline
reservation computers at the downtown office shut off automatically when the
power went down. Office telephones went dead as well, leaving clients
hanging.
The travel agency did not lose any computer data, but a local computer
expert said that is a risk for most computer users.
If a computer user is accessing data using a disk drive, hard disk or
other storage device during a power failure, that data may be lost during
the transfer from the storage device to the computer's internal memory.
"It goes to that nebulous void for computer data," said Robert Stamper,
president of Databank Information Services Inc., a Dayton company that
provides emergency services for computer users.
"If you don't have a backup, you have to re-enter that data - it has to
be keyboarded back in all over again, and on a big computer, that can cost
an absolute fortune."
Stamper said his staffers were kept busy Monday afternoon delivering
backup copies of computer tapes to clients who lost data during the power
failure.
"They're calling us saying, 'Bring the tapes back out,'" Stamper said.
"They either need a section of their computer records or need to reconstruct
their lost data. If that was a blip, that was a hell of a blip."
His customers, which include several large area companies, were also
reluctant to discuss problems that arose with their mainframe computers.
"They don't want people to know how vulnerable their systems are,"
Stamper said.
------------------------------
Date: 16-JUN-1989 16:56:11 GMT
From: ZDEE699@elm.cc.kcl.ac.uk
Subject: Re: Computer electrocutes chess player who beat it!
In RISKS-8.75, Gene Spafford (spaf@cs.purdue.edu) writes about the Soviet
computer which zapped his opponent when the opponent was about to beat
him... Some may say this is bogus... but it is in fact perfectly possible.
According to the message, this is no normal computer. It is
dedicated to playing chess and moves its pieces on the chess board.
This is possible by magnetising the chess pieces, and moving them
by induced electromagnetic fields in the board. The fields are induced
by passing a current through loops and coils of wires which are
embedded in the board. This is all to tell you that it is possible
for the machine in question to use high voltages. Alternating current
is no use for producing the magnetic fields wanted, so I suspect they
used DC... and DC currents are LETHAL. The muscles contract when the
current flows so the heart of the player would stop immediately.
So one only needs a short circuit to the case of the chess board
(which I suspect was made of metal and not well earthed) and
the friendly computer can become a murderer.
O. Crepin-Leblond, Computer Systems & Electronics,
Electrical & Electronic Engineering, King's College London, UK.
Disclaimers: the usual disclaimers apply...
------------------------------
Date: Thu, 15 Jun 89 17:03:24 EDT
From: rsd@SEI.CMU.EDU
Subject: Re: Hartford Coliseum
[Rich contributed an item which I ran in Software Engineering Notes
four years ago. Here is a fuller explanation. PGN]
In the early morning hours of January 18, 1978, a very heavy load snow and
ice from a winter storm caused the collapse of the 2.4 acre roof of the
Hartford Coliseum in Hartford, Connecticut. This roof was noted for being
one of the first large-span roofs made possible by computer design and
analysis, and was modeled as a space truss using a trusted program.
Fortunately, the several thousand fans attending a basketball game a few
hours before had gone home, and the structure was empty.
After long analysis of the collapsed roof, the initial failure was found to
have occurred in a lateral brace used to stabilize a long, slender truss
member. The immediate cause of failure was the inadequate design of the
connection of the brace. The joint was modeled in the computer as having no
eccentricity, an incorrect assumption. Eccentricity in a connection means
(briefly) that the axis of the applied load is not the same as the neutral
axis of the support, so that a bending moment is developed, putting
additional stress in the member.
A nonlinear collapse simluation was rerun using the correct model for the
joint, and with loading conditions selected to approximate those of the
night of failure. The result was that the connection failed as it had under
the real conditions [1].
Quite simply, the problem here was: The structure analyzed was not the
structure built.
[1] Hartford Roof Failure -- Can we Blame the Computer? Epstein and Smith,
Proceedings, Seventh Conference on Electrical Computation, 1979.
Rich
------------------------------
End of RISKS-FORUM Digest 8.81
************************
-------