13-Apr-86 23:48:49-PST,8971;000000000000

13-Apr-86 23:48:49-PST,8971;000000000000
Mail-From: NEUMANN created at 13-Apr-86 23:47:16
Date: Sun 13 Apr 86 23:47:16-PST
From: RISKS FORUM (Peter G. Neumann, Coordinator) <[email protected]>
Subject: RISKS-2.41
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest, Sunday, 13 Apr 1986 Volume 2 : Issue 41

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents: " /
Computer Naivete (Lindsay F. Marshall)
Admissability of computer files as evidence (Scott E. Preece)
Programming productivity (Henry Spencer)
The San Jose Public Library [and responsibilities] (Sriram Vajapeyam)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to [email protected], Requests to [email protected].)
(Back issues Vol i Issue j stored in SRI-CSL:<RISKS>RISKS-i.j. Vol 1: MAXj=45)

----------------------------------------------------------------------

From: "Lindsay F. Marshall" <ncx%[email protected]>
Date: Fri, 11 Apr 86 11:32:53 gmt
To: risks@sri-csl " /
Subject: Computer Naivete

A LITTLE OFF KEY [from the Guardian Computer Page April 10]

A member of our Moles in Schools project reports that an
adviser was called to a school where they were having trouble with
their new disc drive. He arrived to find a C15 cassette tape wedged
firmly in the slot.
Then a headmaster reported that his school had "broken their
BASIC". They had got a syntax error message.
Best of all was the school where staff took exception to the
QWERTY arrangement and rearranged the keys to read ABCD etc. To their
consternation the character on the key which had been hit did not then
correspond to what appeared on the screen. The adviser was greeted,
on arrival, by an eight-year- old boy saying: "Thank goodness you've
come. They don't know what they are doing. I told them they had to
change the switches underneath as well but they wouldn't take any
notice of me."

------------------------------

Date: Fri, 11 Apr 86 09:56:01 cst
From: preece%ccvaxa@gswd-vms (Scott E. Preece)
To: [email protected]
Subject: Re: Admissability of computer files as evidence?

> From: kathy%[email protected] (Kathryn Smith)
> I, for one, find the thought that some court of law might, in
> ignorance, accept computer files as evidence frightening...

I would think that a computer file would be acceptable evidence under the
same conditions that a paper document would be acceptable evidence -- when
there was a believable evidentiary chain establishing its provenance. Thus
a computer file bearing a particular date would mean just as little as a
piece of paper with the same date, unless it could be established that that
particular piece of paper was in a known place, under neutral or believable
control, since that date. If I take my dump tape from this afternoon to a
neutral agent and leave it there, I would expect a court at some time in the
future to accept that everything on it at that future time was on it today.
I would not expect the court to believe an arbitrary date BEFORE today on
the tape any more than I would expect the court to believe the date on a
paper letter from my files.

scott preece [gould/csd - urbana]
ihnp4!uiucdcs!ccvaxa!preece

[Lay people -- and even some of our colleagues -- tend to TRUST
computers and ignore the people risks involved! But a tape can
easily be forged -- unless some nontrivial authenticator (crypto
seal?) is used. And even that can be forged with a little effort.
Similarly, on-line files can often be changed without leaving any
audit trail record of the change. Furthermore, detecting Trojan
horses and viruses in the computer world is generally nontrivial.
On the other hand, in the paper world the piece of paper without
provenance is more likely to be suspect. Occasionally there may
even be some evidence of tampering. The burden comes down to good
audit trails and protocols for handling both computer data and
paper, as well as anticipation of what might someday be subject to
tampering -- possibly everything -- and treatment accordingly.
But once again, there are no guarantees and many pitfalls. PGN]

------------------------------

Date: Fri, 11 Apr 86 10:38:46 EST
From: [email protected]
To: [email protected]
Subject: Programming productivity

Herb Lin writes:

> ... But why do you think that large amounts of effort
> invested would necessarily improve productivity? ...

Remember "chunking". Cognitive limitations can often be bypassed by
moving things to a higher level. Few people would ever write (say) C code
if doing so required understanding the details of the compiler. One major
thrust of the sort of support systems, both human and automated, that I
was alluding to, is removing the need to attend to unnecessary detail.

We have already come a long way in this direction: much of the fundamental
knowledge base of a programmer of thirty years ago is obsolete. Not just
because the machines have changed, but because modern programming is done
at a much higher level, where the low-level details are no longer visible.

Of course, the low-level details have not vanished; they have merely been
taken over by the support systems. Which means that one must worry about
whether the support systems understand the details properly. Although
programmer productivity is much increased if one can work entirely in
a high-level language and not have to care about the details of the
underlying machine, one's compiler had better be fairly well debugged or
this strategy will not work.

Even if one stipulates that ultimate limitations exist, it seems to me
that there remains good reason for believing that we are nowhere near
them yet, and that investments in better support systems are worthwhile
now and will remain worthwhile for the foreseeable future.

Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry

------------------------------

Date: Fri, 11 Apr 86 22:27:49 cst
From: [email protected] (Sriram Vajapeyam)
To: [email protected]
Subject: The San Jose Public Library

>>From an article in the 27 March 1986 San Francisco Chronicle:
> ------------------------------
> An employee of the San Jose public library "destroyed 16 days of records
> and garbled two weeks of circulation files." A supervisor had "neglected
> to create a backup file". [...]
> Training was still incomplete. Several employees will be disciplined.
^^^^^^^^ ^^^ ^^^^^ ^^^^^^^^^^ ^^^^^^^^^ ^^^^ ^^ ^^^^^^^^^^^
> ------------------------------
>Not only does poor computer usage cause risks to everybody else, I think we
>should be concerned about workers who are forced to use unfamiliar systems
>and then are held responsible for the damage they did. Somehow it does not
^^^^^^^ ^^ ^^^^ ^^^
>seem fair, but I believe this is becoming far too common.
^^^^ ^^^^
>------------------------------

Penalising the employees DOES seem unfair in the above case, and I
feel they are sure to win if they go to a court of law seeking remedy. (They
didn't have enough training; the system was very young; we don't know if the
system was fully reliable; etc etc.) I have a few points about which others
might want to express their opinions :

* Mistakes made while using computers result in much more loss than
those made, say, when working with official documents on paper.

[This is influenced by the shorter time scale, the (misplaced)
willingness to trust computers, and by the laziness/complacency
of computer users in not spotting mistakes. But I'm not sure
that your point is generally true. PGN]

* It seems easy for a person not very comfortable with computers to
make mistakes that can't be corrected. (It doesn't seem fair to expect
*everyone* to be comfortable with computers.)

* How reliable is it to use computers in cases such as above (e.g.,
banks, libraries, etc), when they will be handled by people who might be
more prone to making mistakes? SDI, even though having been brought into
existence and being maintained and used by professionals, is not supposed to
be reliable. Human error is always a frightening possibility even there!

...Sriram V. [email protected]

------------------------------

End of RISKS-FORUM Digest
************************
-------