Date: Fri 6 Sep 85 00:04:39-PDT

Date: Fri 6 Sep 85 00:04:39-PDT
From: Peter G. Neumann <[email protected]>
Subject: RISKS-1.6, 06 Sep 85
To: RISKS: ;

RISKS-FORUM Digest Friday, 6 Sep 1985 Volume 1 : Issue 6

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
Peter G. Neumann, moderator

Contents:
Joseph Weizenbaum's comments (Dave Parnas)
Good Risks and Bad Risks (Dave Brandin, PGN)
Hot rodding you AT (Dan Bower)
Hazards of VDTs and CRTs (Al Friend)
crt & non-crt risks (Brint Cooper)
The Case of the Broken Buoy (Herb Lin, Matt Bishop)

(Contributions to [email protected])
(Requests to [email protected])
(FTP Vol 1 : Issue n from SRI-CSL:<RISKS>RISKS-1.n)

----------------------------------------------------------------------

Date: Thu, 5 Sep 85 07:28:56 pdt
From: vax-populi!dparnas@nrl-css (Dave Parnas)
To: [email protected]
Subject: Joseph Weizenbaum's comments <[email protected]>: sdi]

Although there is a great deal of truth and wisdom in Weizenbaum's
message, I believe that he overlooks the reason that SDI would be
destabilizing and another step in the Arms race. It is not because
of the stated goals of the program (Reagan's March 1983 speech) but because
those goals are not achievable. There would be nothing wrong with rendering
ICBMs and other weapons obsolete. On the contrary, everyone should want to
see every country, city, and town protected by an impenetrable shield that
would free it from the fear of the indiscriminate horror that rained down on
Nagasaki and Hiroshima. It is because the SDIO efforts will not lead to
technology of that sort, that SDI is the things that Weizenbaum says it is.

I agree with Weizenbaum that we need to seek non-technological
solutions. Technology is not likely to provide solutions in a situation
where we oppose a power with equally sophisticated technology.

I believe that SDI is one issue where both disarmament and armament
supporters could agree. Both sides seek peace through different mechanisms,
but neither will find their goals advanced by an untrustworthy "shield".

Dave

------------------------------

Date: Thu 5 Sep 85 11:40:30-PDT
From: Dave Brandin <[email protected]>
Subject: Good Risks and Bad Risks
To: [email protected]

Peter: I love your material that's being generated and produced, but I note
that it seems to weigh overwhelmingly against the computer. Aren't people
sending you any GOOD stuff? Like with the aid of a computer, 27 lives were
saved, etc.? Like using the new NEC fingerprint computer, they were able to
match the Stalker's finger-prints in 3 minutes, etc? Maybe you need a Call
for Good News?

Dave

------------------------------

Date: Thu 5 Sep 85 23:32:45-PDT
From: Peter G. Neumann <[email protected]>
Subject: Good Risks and Bad Risks
To: [email protected]
Cc: [email protected]

Today's SF Chronicle had a nice article on "Computer Holds Promise in
Diagnosing Heart Disease", in greatly reducing the number of false
negatives. But even there are significant risks. Suppose you or your
doctor trusts the computer program more because it indeed has fewer false
negatives, and now you produce a false negative. We are back to the case of
the woman who killed her daughter and tried to kill herself and her son
because the computer program had falsely produced an "incurable"
diagnosis. (See the July 85 issue of Software Engineering Notes.)

Well, in the first issue of RISKS I recall saying there has got to be more
to this forum than just pointing out negative things. I noted hope from the
research community, although one of the agonizing things that we have
observed in the ACM Special Interest Group on Software Engineering (SIGSOFT)
is the enormous gap between the research community and what is actually
being done in practice. For critical systems, the ordinary software
development techniques are simply not good enough.

Yes, we should of course point out successes. For example, the Shuttle
project has had many -- along with its much more visible problems.

Peter

------------------------------

Date: Wed, 4 Sep 85 14:41:38 EDT
From: Dan_Bower%[email protected]
To: [email protected]
Subject: Hot rodding you AT

In a recent issue of PC Magazine, Peter Norton espoused the idea of
substituting a faster clock chip to enhance performance. Now, according
to the folk on the Info-IBM PC digest, this may create problems. An
off the shelf PC AT is composed of components guaranteed to work to
IBM spec, e.g. 6 Mhz. If I increase the clock rate, then the whole
rest of the machine has to be up to snuff. If not, a part dies and
I pay a nasty repair bill.

Now if I took Mr. Norton's word as gospel, swapped chips and set
my PC AT on fire, would he be liable? How about the publisher?

------------------------------

Date: Thu, 5 Sep 85 15:23:05 edt
From: friend@nrl-csr (Al Friend, Space and Naval Warfare Systems Command)
To: risks@sri-csl
Subject: Hazards of VDTs and CRTs

When evaluating the risks associated with various forms of technology
it is sometimes useful to have in hand the available data.

The Food and Drug Administration published a study in 1981:

An Evaluation of Radiation Emission
from
Video Display Terminals

HHS Publication FDA 81-8153

The ionizing, optical, RF and acoustic radiation from a number of
terminals was measured. I will briefly quote some of the conclusions
of this study.

For ionizing radiation:

3.5 DISCUSSION

Sufficient research information is available to estimate a range of
risks of injury from ionizing radiation exposure. Delayed disease,
such as heritable mutation or cancer, usually forms a basis for the
estimation, expressed in terms of the instances of the effect per
person per unit of radiation (rad,rem, or R). The risk estimates
form a basis for radiation protection guidelines.

For a VDT operator, the radiation protection guideline for
individuals in the general population is appropriate. The guideline
-- 500 millirem per year -- is for man-made radiation exposures
excluding medical use. For both normal and Phase III operating
conditions, the likely emission from a VDT is 0.1 mR per hour or less.
Terminals capable of exceeding the 0.5 mR per hour regulatory limit
receive special attention (see Section 3.2, above). With assumptions
of 6 hours of viewing per day, 5 days per week for 50 weeks per year,
the annual radiation dose to an individual 2 inches from the front
surface of a screen emitting 0.1 mR per hour would be 150 millirem.
Note that 2 inches is an unrealistically short viewing distance; as
one moves further away from the screen, the radiation exposure
decreases correspondingly.

For RF radiation:

4.5 DISCUSSION

Research information on bioeffects for the frequency range 15kHz to
125 kHz is lacking, so empirical estimates of injury are not possible.
However, the radiation in this frequency region interacts only
slightly with the human body, so that significant biological effects
are unlikely. At the present time, no standard or guideline has been
adopted in the U.S. for grequencies below 10 MHz.

For ultrasound radiation:

5.4 DISCUSSION

When airborne ultrasound impinges on human skin less than 1 percent
is absorbed, the remainder being reflected. The ear, however, is an
efficient coupler of acoustic energy from air into the human body.
Therefore, investigations of the biological effects of ultrasound
levels much higher than those found in the VDT survey have included
temporary threshold shifts in hearing (6). So-called subjective
effects have also been associated with high levels of ultrasound
exposure, and include fatigue, headache, tinnitis, instability, a
"fullness" in the ear, and nausea. One report (7) tentatively
associates the subjective effects with audible high frequency
components of sonic radiation. The studies were performed in the
exposure range 70-120 dB in an industrial setting, and at 150 dB.
No long term effects or delayed injuries are known.

No formal standard for ultrasound exposure presently exists in the
U.S. Among several voluntary guidelines available, the
recommendations of W.I. Acton of the United Kingdom were used to
compare the VDT results, because they are the most conservative in
this frequency range. The highest acoustic measurement obtained
from a VDT in this study was 68 dB, well below Acton's guideline
of 75 dB, and well below the energies associated with biological
effects.

For "ergonomic" factors:

7. CONCLUSIONS AND RECOMMENDATIONS

*****
*****

The word processing field has expanded much faster than has the
understanding of its impact on people who use VDTs. The impact
may be felt in areas such as employee morale, compensation,
work hours, and work conditions. We suggest that work conditions
be given serious conisideration as the primary cause of VDT-user
complaints. The problem is not simple, however. An extensive
review of stress factors in the word processing work area (10)
identified five separate factors that contribute to fatigue:
vision, posture, environment, task organization, and higher
order items such as disease susceptibility. As early as 1976,
it was recognized that glare (room lighting reflecting from the
VDT face plate), work position, ambient noise, and work duration
(absence of breaks) could be the most important factors
influencing the VDT worker's health (11). The parallel
between the 1976 and 1979 studies is sufficiently strong for
us to suggest that efforts expended to reduce stress caused
by these factors would also reduce the adverse impact on
health.

The above quotes from the FDA document are some of its most important
conclusions. References to additional work are provided in the
document. There has been further work since the time of this report
(1981). I do not have immediate access to these later references. I
believe they tend to bear out the conclusions of this report.

From conversations with those closer to this field than I, I get the
impression that one of the major stress factors in commercial word
processing operations is the highly regimented work situation, and the
possibility of being fired, if the operator does not turn out a certain
minimum amount of mistake free work per hour.

------------------------------

Date: Thu, 5 Sep 85 11:55:42 EDT
From: Brint Cooper <[email protected]>
To: [email protected]
cc: [email protected]
Subject: Re: crt & non-crt risks

Many of the crt/workplace issues you raise are shared by another group
whose members are quite diverse in their use of crt terminals:
secretaries.

I know this is not quite the correct forum, but workplace rules and
legislation designed to "protect" users of terminals from problems of
posture, vision, and stress should consider this forgotten group of
workers as well. Their problems are nearly the same.

Brint

------------------------------

Date: Thu, 5 Sep 85 17:06:21 EDT
From: Herb Lin <[email protected]>
Subject: The Case of the Broken Buoy
To: [email protected]
cc: [email protected], [email protected]

In response to:

Dave Curry's right. I remember reading a newspaper report which
said, in essence, that the NWS/NOAA lost because it had failed to
predict the storm. I didn't believe it, so I read on, and the report
said that since they had known of a broken buoy, had failed to repair
it (I think it had been broken for several months), and therefore failed
to get the information needed to give a warning, they were guilty of
negligence and had to pay. Quite a far cry from what the story had
begun as!

On the other hand, the NWS also said that even if the buoy had been
alive at the time, they would not have predicted the storm. This
isn't to defend sloppy journalism, just to point out that the
newspaper was in essence correct in this instance.

------------------------------

Date: 5 Sep 1985 2049-PDT (Thursday)
From: Matt Bishop <[email protected]>
Organization: Research Institute for Advanced Computer Science
Address: Mail Stop 230-5, NASA Ames Research Center, Moffett Field, CA 94035
Phone: (415) 694-6363 [main office], (415) 694-6921 [my office]
To: Herb Lin <[email protected]>
Cc: [email protected]
Subject: Re: The Case of the Broken Buoy

Did the NWS say that (i.e., even if the buoy had been alive at the time,
they could not have predicted the storm) in testimony, or after the verdict?
If after the verdict, no comment. But if as testimony, Herb, the jury (or
judge) apparently didn't believe the NWS testimony. If you believe the NWS
claim, the headline was correct, but it's unfair to say the court ruled that
way when it explicitly based its ruling on negligence.

------------------------------

End of RISKS-FORUM Digest
************************
-------