RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (09/03/88)
RISKS-LIST: RISKS-FORUM Digest Friday 2 September 1988 Volume 7 : Issue 43
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Statistical reliability estimation criticized (Brian Randell)
Calling party identification (Mark W. Eichin, TMPLee, anonymous)
Automotive EMI - a personal experience (Scott C. Crumpton)
The mental tyranny of a cash register (Steven C. Den Beste)
Intoximeter risks (Andrew Vaught)
SSNs, Passports (Chris Hibbert)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).
----------------------------------------------------------------------
Date: Fri, 2 Sep 88 11:07:59 WET DST
From: Brian Randell <Brian_Randell%newcastle.ac.uk@NSS.Cs.Ucl.AC.UK>
Subject: Statistical reliability estimation criticized (Jon Jacky, RISKS 7.40)
Re: Jon Jacky's message, stating that:
>John Cullyer of the British Royal Signals and Radar Establishment ...
>said, "Let's throw out the 10 ** -9" - and many of the audience
>responded with enthusiastic applause. Someone asked if he would accept a
>failure probability of only 10 ** -4 or 10 ** -5 for nuclear weapons safety.
>He responded, "In the weapons area there should be no room for probability.
>If something is unthinkable, don't let it happen. You either certify it or
>you don't - one or zero."
I'm appalled by this comment, if it is reported as accurately as I fear it is!
Just because something is "unthinkable" doesn't mean that *any* particular
technology, such as certification, will *guarantee* that it will not happen,
and that no measures need be taken, or even considered, to allow for the
possibility of failure. (This is the sort of thinking which has "justified" the
reported lack of planning in the UK for dealing with Chernobyl-scale
catastrophes at nuclear power stations.)
I find the following attitude much more professional. (The quote comes from the
review by Tom de Marco of "Principles of Software Engineering Management", by
Gilb and Finzi, in IEEE Computer for August 1988):
"We must quantify everything that matters to eventual project success or
failure. Everything - particularly those product characteristics that we treat
as unquantifiable (flexibility, "user-friendliness," net benefit, etc.) -
must be scaled and targeted. Some of the quantifications will be "fuzzy"
in Gilb's terms, but even fuzzy numbers are far better than no numbers at all.
The very act of coming up with the best-effort quantification of these factors
guides us towards success and knowing how well we are doing along the way."
Otherwise, how will the Cullyers of this world for example (i) choose between
rival certification techniques, (ii) know when certification is "complete", or
(iii) decide how to divide a finite budget between certification and
complementary approaches to reducing the likelihood of having to experience,
and apologise for, an "unthinkable" occurrence. (In fact I fear I know the
answer - by blind faith and misguided eloquence!)
All this is not to say that naive unjustifiable quantification, such as often
accompanies the bandying around of figures like 10 ** -9, any more
professional. However the fact that such naivete occurs is no reason to
abandon attempts to find means of making, justifying and intelligently using,
quantified reliability assessments, even w.r.t. design errors, especially with
systems whose failures would be truly catastrophic.
Brian Randell
------------------------------
Date: Thu, 1 Sep 88 22:22:08 EDT
From: Mark W. Eichin <eichin@ATHENA.MIT.EDU>
Subject: Calling party identification
>... It is my observation that most people believe that "tracing a call" is
>still a difficult, time consuming process that cannot be done routinely. This
>story shows that it is a service phone companies offer to commercial
>customers, although I have not seen any reports of it also being offered to
>residential customers ...
I believe the New Jersey telco offered digital display of incoming number to
private subscribers a year ago; here at MIT, with the installation of a 5ESS
system with full ISDN support available to offices, the digital set
automatically displays the phone number the call came from (if it was within
MIT; apparently there isn't software in place to track calls from other
switches yet, the display merely indicates "Outside"). The documentation for
the dormitory phones included mention of a ``privacy code'' which meant dialing
65 before any phone number; the pamphlet with the phone didn't actually explain
what the privacy code *did* however.
Mark Eichin, SIPB Member & Project Athena ``Watchmaker''
------------------------------
Date: Thu, 1 Sep 88 22:42 EDT
From: TMPLee@DOCKMASTER.ARPA
Subject: Calling party identification Phone number tracing
Our local cable company must use the same kind of connection to the phone
company that the pizza place mentioned in RISKS-7.42 does. They have several
pay-by-view channels and a set of incoming phone numbers. To order a
pay-by-view event all you do is dial something like 938-77xx where the xx is
the "ordering" code for the particular movie or live event (local sports, etc.)
you want. A computer answers the call and is somehow told where the call was
from; it looks that up in a data base, finds the i.d. of your cable box and
enables the show. (It goes on your bill, of course.) Rather clever, actually:
no human operators and it works from either a dial phone or a touch tone phone.
Don't use it much, and apart from misdialling the only "risk" I have is
remembering to use line 1 rather than line 2.
Ted Lee
------------------------------
Date: Thu, 1 Sep 88 19:57:52 xDT
From: [anonymous]
Subject: Calling party identification
While there is work going on to allow for the identification of calling parties
by the callee, such systems are not generally implemented and won't be for some
time to come. There are some limited test projects, but I don't believe that
any large-scale operation of the sort implied is currently operational.
Most likely what is actually happening is that the first question people are
asked when they call the pizza folks is "what is your phone number?" Then
the computer operator punches that in and up pops all the info from any
previous call. It is unlikely that they are receiving the calling party's
number in realtime. It IS true that with some long-distance carriers' 800
callers numbers are made available to the callee, but this is done on a
billing cycle basis (i.e., in the billing statement) and not in realtime.
If it turns out the pizza folks ARE receiving the number ID in realtime,
then they are in one of the test groups and one can't help but wonder how
many folks in the area realize the ramifications of this all (see below).
Now, in the middle future the issue of the callee being able to receive the
number of the caller will be a significant one for us all. The technology is
being put into place. At first glance, many people might say, "Gee, how neat,
I'll know the numbers of the phone solicitors who bother me." But think again.
It would work both ways. Do you really want YOUR phone number recorded (and
possibly later called back with solicitations, matched with addresses for
mailings, etc.) whenever you call a business, possibly from your private line
you only intend to use for outgoing calls, or from some friend's house or
business from where you happened to make the call? If you make a business call
from home, do you necessarily want the person receiving the call to immediately
have your home number? Do they have any right to that number rather than
calling you back on the office number you might give them? There are a variety
of complex ramifications.
Even worse, if YOU could see the callers' numbers on calls YOU receive, you
might be disappointed at much of what you'd see. Most big solicitation
businesses use special outward-calls-only trunking groups; you would frequently
see undialable numbers like 012-4161 on your display. Such info isn't going to
do you a lot of good without a lot of hassling with telco for info (which they
might well be unwilling to give you).
And what about obscene phone calls and such? Won't this system help stop them?
Well, maybe some dummies would get caught, but there are one hell of a lot of
payphones out there and people could easily move from one to another
indefinitely...
The issue of privacy of callers' numbers is thus more complicated than it might
appear at first. Some proposals call for unlisted numbers not to routinely
display on callee displays. Some other plans propose a control prefix (e.g.
"*21") which you could dial before dialing a phone number if you want to block
number display for that particular call.
All in all the issues involved are quite complex. The time to start thinking
about them is now.
------------------------------
Date: Fri, 26 Aug 1988 09:51:42 LCL
From: NESCC%NERVM.BITNET@CUNYVM.CUNY.EDU (Scott C. Crumpton)
Subject: Automotive EMI - a personal experience
There is a section of road that I frequently drive which comes within about 600
feet of a TV (ch 20) transmitter tower. Within a distance of approximately 1/4
mi of the tower, the cruise control on my 87 Volvo 240DL will not set properly.
The "set" button acts like "resume", causing a normal rate of acceleration up
to the previously set speed. This behavior is repeatable in this location,
however I have not noticed any other symptoms or occurrences in other locations.
Considering the "success" that I have had getting minor problems (like cold
start stalling) fixed at the local Volvo dealer, I don't think I'll be taking
this one to them. I will probably attempt to fix it myself with some ferrite
chokes and a little shielding.
---Scott.
------------------------------
Date: Mon, 29 Aug 88 12:01:58 -0400
From: denbeste@OAKLAND.BBN.COM
Subject: The mental tyranny of a cash register
Last Saturday I was in a local mall, and being thirsty I went to a cookie-
over-the-counter store which was handy, and ordered a "medium rootbeer", price
listed as $.75. I proffered a dollar, and was given $0.19 change.
[It should be explained at this point that Massachussetts has a 5% sales tax.
However, this would have fallen under the restaurant and meal tax, which also
happens to be 5%.]
"Wait a minute", I said, "The sales tax on this should be 4 cents, not 6."
"I know. The cash register is broken. But that is what it says to give you, so
that's what I have to do." [I suspect my memory may be making his words a bit
different - please bear with me.]
"Give me the rest of my change!"
"There's no way for me to do that." I walked away snarling.
Actually, of course, he could just have hit "No Sale" and gotten two more
pennies out of the till. But, having done so, at the end of the shift the till
would have contained less money than the cash register said it should, and he
would've had to make up the difference out of his own pocket. Given a choice
between it being his money and being mine, he wanted it to be mine.
Both of us were trapped by a cash register which had been programmed for an 8%
sales tax.
Now that I've cooled down, I'm not even sure that he thought it through to the
point I gave two paragraphs ago. I think his reaction was merely: Do what the
machine says, even if you KNOW it is wrong.
Editorial point: Shades of the Vincennes.
We are the elite - we understand, at least in principle, what
goes on inside of virtually anything which is computerized. This makes us free
- we know enough to know that the computer can be just as wrong as a person
can, since a person decided ahead of time what it would do. It is only a
machine, and is just as fallible as its creators.
But for those out there who truly have no idea what a computer is, it has
become a kind of oracle or demigod: You follow its orders and you DO NOT
QUESTION, because it is smarter than you. Perhaps this is why some people
flatly refuse to use automated tellers at banks, and literally refuse to touch
a computer keyboard even when urged. Those who mess with the gods get turned to
spiders.
When put in a job-related situation where interaction with a computer is
unavoidable, the computer truly becomes almost a deity: YOU DO NOT QUESTION.
("We are sorry, Mr. Thompson, but our computer says that you are dead. We do
not do business with corpses.")
[Maybe I HAVEN'T cooled down, after all.]
------------------------------
Date: Thu, 01 Sep 88 13:33:56 PLT
From: Andrew Vaught <29284843%WSUVM1.BITNET@CUNYVM.CUNY.EDU>
Subject: Intoximeter risks
{Taken from the 24 August 1988 Spokesman-Review without permission}
GASSED OR DRUNK? PRISONER FILLS 'ER UP
While official witnesses looked on, a Bonner County Jail prisoner swigged a
paper cup full of gasoline last week in an effort to prove himself innocent
of drunk driving. Sagle resident Barry Joe Raynor, 20, claims he was
siphoning gasoline just before he was arrested for drunken driving last Jan
14, said his attorney Jonathon Cottrell. When the case goes to trial in 1st
District Magistrate Court next week, Cottrell and Raynor will argue it was
gasoline on his breath that lit up the scoreboard on Bonner County's
intoximeter the night he was arrested.
[The article goes on to say why drinking gasoline is not a real good idea and
how drinking a cup of gasoline showed a .28 percent blood alcohol level one
hour later.]
Although the article never mentions what kind of `intoximeter' is actually used
in the tests, it is pretty obvious that it is not directly measuring blood
alcohol content, but some other telltale that allows it to be fooled by
gasoline.
[NPR this morning noted that when the tape recording of the arrest was
played in court, Raynor sounded so intoxicated that he simply gave up on his
gas defense. OK. This item thus appears to not be RISKS related, although
the risk of false positives on such tests is always a risk that must be
recognized. PGN]
------------------------------
Date: Wed, 31 Aug 88 17:45:40 PDT
From: Hibbert.pa@Xerox.COM
Subject: SSNs, Passports
I was just looking through Robert Ellis Smith's "Report on the Collection and
Use of Social Security Numbers", and on the final page he added a note about
SSN's and the Passport office. Since there was some unresolved discussion of
this at the beginning of the year, I thought I would forward the information.
Smith says that as of the beginning of this year, SSN's are required on
passport applications, and failure to include it may result in a $500 fine.
I'm as puzzled by this as the people who reported similar things in January. I
don't know why the passport office doesn't refuse to handle applications
without SSNs and just forget about the fine.
The reason they want the number in the first place is apparently so that the
IRS can make sure that Americans living abroad file returns.
If there really is a fine, then it should be mentioned in the requisite Privacy
Act notice along with a statement as to whether disclosure has an impact on
you're getting a passport.
The "Report on the Collection and Use of Social Security Numbers" can be
ordered from the Privacy Journal, P.O. Box 15300, Washington DC 20003. Their
phone number is (202) 547-2865. I was dissapointed in the level of the report.
It's mostly a sampler of case histories of people who were burned in various
ways by abuse of their numbers. It contains little in the way of privacy
advice that hasn't already appeared here.
Chris
------------------------------
End of RISKS-FORUM Digest 7.43
************************
-------