Date: Wed 4 Sep 85 20:32:56-PDT
From: Peter G. Neumann <[email protected]>
Subject: RISKS-1.5, 04 Sep 85
To: RISKS: ;

RISKS-FORUM Digest       Wednesday, 4 Sep 1985      Volume 1 : Issue 5

       FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
                Peter G. Neumann, moderator

         (Contributions to [email protected])
         (Requests to [email protected])
         (FTP Vol 1 : Issue n from SRI-CSL:<RISKS>RISKS-1.n)

Contents:
 The Strategic Defense Initiative (Joseph Weizenbaum)
 1.5 million Ford engines need recall? (Hal Murray)
 Risks in CAD, etc. (Eugene Miya)
 crt & non-crt risks (Mike McLaughlin)
 Computerworld... on Union Carbide and NJ false arrests (Charlie Spitzer)
 More on false arrests (PGN)
----------------------------------------------------------------------

Date: Wed 4 Sep 85 14:19:15-EDT
From: Joseph Weizenbaum <[email protected]>
Subject: The Strategic Defense Initiative
To: [email protected]

Greetings !

       I've just been introduced to the RISKS b-board you have undertaken
to maintain.  It is a good idea.  What stimulates this particular outburst
is John McCarthy's observation that many of the computer people who
maintain that Star Wars can't be made to work for technical reasons, e.g.,
those brought forth by Parnas, are people who have opposed many other
government initiatives.  I imagine he means among others the war on Viet
Nam, the MX missile, the ABM initiative of years ago, the administration's
policies vis-a-vis Nicaragua, Cuba and El Salvador, and so on and on.

I confess I've been on what from John's point of view must be characterized
as the wrong side on each of the above controversies.  But then John has
been on what I would have to see as the wrong side on all these questions.
Does that relieve me of the obligation to guard my intellectual honesty by
studying his actual arguments ?  If so, then the very possibility of dialog
between holders of opposing views becomes impossible.

It is, however, important for people who indeed have a point of view to make
their positions clear, at least not to hide them.  Their doing so ought not
to disqualify what they then have to say.  For myself, I find it even more
important to actually draw on my quasi pacifist position in arguing about
Star Wars and similar issues and to explicate the connections I make.  I do
believe (with Parnas and many others) that the software required simply
cannot be produced to the degree of confidence without which it would be a
meaningless exercise.  I don't want to rehash the various technical
arguments here, however.  Let me just rest on the well publicized statements
of CPSR and of Parnas.  I want to say in addition, however, that I would not
support the SDI initiative even if I thought it to be technically feasible.
In that, John is quite right.  I'm afraid that many of the computer people
who rest on the technical arguments alone leave the impression that these
alone constitute their objections to the program.  Perhaps that is the
position of many objectors in the computer community.  I think, however,
there are many who would join me in resisting the program even if it could
be shown to be technically feasible.  I think John is quite right in asking
that that be made explicit where it applies.

This is not the place to air political and ideological positions.  For
clarity's sake, I just want to add to the above that I believe it to be
necessary to the survival of us all that we come to some social, political,
cultural accommodation with the rest of the peoples of the world even when,
or especially when, they organize their societies differently than we do
ours.  SDI is in the tradition of the great technological fixes which
appear to their authors to relieve them of the responsibility to confront
underlying human problems.

Besides, SDI is a giant step to the further militarization of space and of
our society.  I oppose that as well.

Joseph Weizenbaum.

 [For those of you just returning from the London 8th International
  Conference on Software Engineering, we eagerly await reports on
  the panel session of Fred Brooks and Dave Parnas on the feasibility
  of SDI from the software engineering point of view alone.

  You will find a lengthy special report on "Star Wars" in the
  IEEE Spectrum, September 1985.  My copy arrived today.

      SDI: The Grand Experiment
      Part 1 -- Mind-boggling complexity
      Part 2 -- Exotic weaponry
      Part 3 -- Debating the issues

  PGN]

------------------------------

Date: Tue, 3 Sep 85 12:18:36 PDT
From: [email protected] (Hal Murray)
Subject: 1.5 Million Ford Engines Need Recall?
To: [email protected]

This morning, my radio said something about a consumer group wanting
Ford to recall 1.5 million engines. Nobody knows what's wrong, but they
are blaming it on the computer. (I didn't get the fine print. I wasn't
awake.) Anybody know if that's the real problem or just a convenient
scapegoat?

 [The 4 Sept 85 NY Times has a note on the recall of 454,000
  Chevy/Pontiac compacts for corroding pollution control equipment, and
  105,000 VW and Audi cars for faulty brake hoses, but nothing on Ford.  I
  would love to follow up on the 1.5 million Fords, but haven't found
  anything yet.  PGN]

------------------------------

From: [email protected] (Eugene Miya)
Date:  3 Sep 1985 0859-PDT (Tuesday)
To: [email protected]
Subject: Risks in CAD, etc.

Something I have been wondering about, perhaps for future discussion, might
concern liabilities of CAD products.  It seems more merchandise I purchase
is shoddy, and I am beginning to wonder what some of the consequences of
"making the metal a bit thinner to save.."  could be.  I realize we are
using CAD and simulation tools to make things more efficient, perhaps the
case of the over efficient engine which flamed out when it flew through rain
[as reposted in SEN, I believe] might be a case in point.  What were our
margins of safety in the over-engineering we did in the past?  Any studies yet?

Lastly, regarding mail formats:  I have run on a gamut of different mailers
[my current one, mh, is not bad], but I can sympathize with those having
problems.  It seems Peter's comment about programs was a bit harsh.  I used
to read netmail on an IBM machine which concatenated all letters and was
destructive [read once mail].

--eugene miya
 NASA Ames Research Center

------------------------------

Date: Wed, 4 Sep 85 18:22:22 edt
From: mikemcl@nrl-csr (Mike McLaughlin)
To: [email protected]
Subject: crt & non-crt risks

It is important we separate crt from non-crt risks.  X-rays, color-perception,
& possibly eye fatigue I see as crt related.  Posture may be, for a person
tied to the tube for extended periods.  Junk food is a non-crt risk, but may
be a denial-of-service risk, if introduced into certain apertures around the
crt.  Might also be a hazard to your health, if conductive.

X- & like radiation:  I am done producing children, I hope.  So does my
wife.  Unless radiation reaches carcinogenic levels, I am not concerned for
me.  My children all use/will use crts, unless some other display becomes
more economical in the near future.  We have 5 children, all of age.  I am
concerned about them.

Posture:  As an occasional, voluntary, crt user, my posture is my problem.
Take the paper out of my office; or give me a clerical/data entry type job;
then I will see posture as a crt/computer risk.  Any obstetrician will worry
about any woman who sits in any one position for long periods.  At one point
in one pregnancy my wife had to fly home while I drove alone - solely so she
would not have to sit still too long.  (Many years ago I was told that the
blood supply to the brain passed through the peri-anal region.  This accounts
for the number of dumb comments and sleeping attendees at various conferences
with inadequate breaks.)

Color-perception:  When I go home after dark tonight, the white line will be
pink.  No, I'm not on anything.  If the screen were pink, the line would be
green.  If color sensitivity mattered to me... say, if I performed color-
matching titrations in a hospital, or put color-coded resistors & capacitors
into non-ICs, I would worry about color perception.

       Considering the liability discussion in V1 #4, perhaps we all should.
In 1956 or 1957 I ran across the proceedings of something-or-other on human
factors in submarine design.  Book was pretty beat up, so it had been around
for a while.  It cited some *railroad safety* research on color perception.
I think the RR stuff was pre WW-II.  Said red & green were neat colors for
signal lights.  Also said *yellow symbols on a black background* were the
best combination for a symbolic display... and that the reverse was the next
best.  Hence, road signs.  Amber screens... ?

Eye-fatigue:  Not crt-unique, but... look at anything long enough, your eyes
will tire.  Look at anything slightly fuzzy, & your eyes will tire quickly, as
they try to focus on the un-focusable.

Summary:  If a tired terminal operator hits a tree on the way home, it might
be due to poor color perception, fatigue due to poor posture (read:
furniture), eye fatigue due to poor colors, poor contrast, fuzzy images.  It
might be a financial disaster for the firm that employed said deceased.
Some attorney might look closely into the work situation, and computers
would get a bad name when we are really talking about bad management of the
computer-workplace.

       - Mike

------------------------------

Date:  Tue, 3 Sep 85 13:07 MST
From:  Charlie Spitzer <Spitzer%[email protected]>
Subject:  Computerworld Aug 19 articles
To:  [email protected]

Readers may be interested in 2 articles from Aug 19 Computerworld.

page 6. Union Carbide modeling program given wrong data.

 Discusses wrong information about gases input to a program that was
 supposed to model gas cloud dispersal.  Notable quote: "These programs
 have been sold to safety people as opposed to engineers, because [the
 systems] provide good [public relations], are attractive visually and
 can provide a fairly inexpensive way of dealing with a problem you hope
 you'll never have."

page 12. On-line crime suspect system implicated in false arrest.

 Discusses case of a NJ woman arrested, strip searched and jailed on two
 separate occasions because of inadequate information stored in the NCIC
 computer.

charlie

------------------------------

Date: Tue 3 Sep 85 13:56:12-PDT
From: Peter G. Neumann <[email protected]>
Subject: More on False Arrests
To: [email protected]

 [For those of you who do NOT read the ACM SIGSOFT Software Engineering
 Notes, here are three items taken from my RISKS column in the July 1985
 issue on the subject of false arrests.  For those of you who have already
 read these items, you have come to the last message in this issue and need
 read no further.]

In the past quarter year, there were two different stories of people winding
up in jail due to computer-related snafus, and an earlier story that
serendipitously goes along with them.

1. The AnchoRages Of Sin

An article on page 17 of the 15 April 1985 issue of ComputerWorld entitled

       ``DMV computer error puts innocent motorist in jail''

provides us with another software glitch with harmful side-effects.  (Brad
Davis [b-davis@utah-cs.ARPA] was the first to point this one out to me.)

The article (by Kathleen Burton) details how a mistake in programming the
new Alaskan Department of Motor Vehicles computer system resulted in
a motorist spending a night in a Fairbanks jail.  The computer indicated
(erroneously) that C. R. Griffin was driving with a suspended license.
The article also said that only by human intervention were 400 additional
driver's licenses not erroneously suspended.  Apparently the database
kept records of all violations in the past *five* years, but was supposed
to search only over the last *two* years for motorists who should be
suspended.  A programmer was quoted as saying that ``the cost of correcting
the mistake [in the program] was insignificant.''

2. Shirley There Must Be a Way Out

And then, on 25 April 1985, the Associated Press ran a story about
congressional hearings on the FBI national crime computer.  Two incidents were
included.  The first involved an airline flight attendant who was falsely
arrested and detained because of incorrect information in the FBI's national
crime computer.  Sheila Jackson Stossier was arrested on 28 October 1983 at the
New Orleans airport, because a woman named Shirley Jackson was wanted by Texas
authorities.  She wound up in jail for the night and detained in Louisiana for
five days.  She now has an arrest record, and her married name Stossier is
listed in the computer as an alias.  Coincidentally, another Shirley (Jones)
was also wrongly arrested because another woman alias Shirley Jones was listed
in the computer -- despite the facts that they had different birthdays, were
six inches apart in height, and 70 pounds in weight.  ``Despite this, the
Sheriff's office refused to drop the charges.''  (To make matters worse, it was
later determined that the wanted Shirley was already in jail at the time!)

3. One in Five Warrant Records Were Wrong -- Poor Odds

David Burnham (NY Times News Service) reported the following
related story on 12 Feb 1985.

 A Michigan man filed suit charging that he was wrongfully arrested five
 times in 14 months after an arrest warrant for a man using his name was
 placed in the national computer system of the FBI.  The man, Terry Dean
 Rogan, charged that four of the arrests occurred after Michigan police had
 made an unsuccessful effort to get the warrant changed.  Rogan contends and
 the police confirm that the man actually being sought was another person
 using Rogan's stolen identity and credit cards.  Rogan, who is 27 years old,
 is not wanted for any crime.

[The rest of the last story (which goes on for another page) is in the July
issue of Software Engineering Notes.  It was also BBOARDed earlier, so I
did not think it should be recycled again!]

------------------------------

End of RISKS-FORUM Digest
************************
