Date: Wed 5 Nov 86 19:41:53-PST
From: RISKS FORUM    (Peter G. Neumann -- Coordinator) <[email protected]>
Subject: RISKS DIGEST 4.5
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest,  Wednesday, 5 November 1986  Volume 4 : Issue 5

          FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 Computer causes chaos in Brazilian Election (Jonathan Bowen)
 Risks of FAA Philosophy ? (Robert DiCamillo)
 Computers and Medical Charts (Christopher C. Stacy)
 Re: Insurgent Squirrel Joins No-Ways Arc (rsk)
 Micros in Car engines (Peter Stokes)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to [email protected], Requests to [email protected])
 (Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j.  MAXj:
 Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date:    Tue, 4 Nov 86 15:23:54 GMT
From: Jonathan Bowen <bowen%[email protected]>
To: [email protected]
Subject: Computer causes chaos in Brazilian Election

 From Daily Telegraph, Monday November 3rd:

 ``Hundreds of thousands of Brazilians may not be able to vote in the
 forthcoming general election because of bureaucratic bungles. ... only
 70% of the electorate have been issued with the essential voting card.
 .... queues and frayed tempers are a result of a 30 million pound [c $42
 million] computerisation programme which was designed to streamline
 voting and eliminate fraud. ... Flaws in the system only became evident
 when distribution started three weeks ago. ...  [the computer] has been
 programmed to cancel all duplicate applications in order to weed out
 fraudulent "phantom" voters. ... while it showed that 1,400 dead people
 had voted for the mayor in the north-eastern town of Teresinha last
 year, and 100,000 falsified cards were in circulation in the southern
 state of Santa Catarina, it also cancelled legitimate names.
 Programmers overlooked that twins are born on the same day to the same
 parents. Consequently, the voting rights of an estimated 70,000 twins
 were cancelled. The Federal Electoral Tribunal in Brasilia is currently
 wading through 140,000 appeals, including the case of a certain Jose
 Francisco, who says all his 14 brothers were baptised with identical
 names. ... It is hoped that all those eligible will have their cards by
 the 15th. Those that do not will have to pay a 4 pound [c $5.50] fine
 or brave more queues and bureaucracy to prove that they both exist and
 have the right to vote.''

Surely these sorts of problems have occurred before in other
countries.  What methods are available, if any, to avoid such risks
using computers without human intervention? Are such problems a
result of there not being *enough* computerised information on
the population to start with?
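
The failure mode described in the clipping above (a duplicate check keyed on birth date and parents, which every set of twins collides on, followed by automatic cancellation) can be reproduced in a few lines. The following is an added example written for this digest, not code from the Brazilian system or from the Telegraph article; the applicant records, field names and the two keying policies are constructed for illustration. It shows the naive policy cancelling the twins along with a genuine double application, and a safer policy that adds the name to the key and only queues collisions for human review, since, as the Jose Francisco case shows, even a name-inclusive key can collide on legitimate records.

```python
"""Duplicate-application detection: reproducing the twins false-positive."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    app_id: str
    name: str
    birth_date: str   # ISO date string; constructed sample value
    mother: str
    father: str


# Constructed sample applications (hypothetical people, not real voters).
APPLICATIONS = [
    Application("A1", "Ana Silva", "1960-03-12", "Maria Silva", "Joao Silva"),      # twin of A2
    Application("A2", "Beatriz Silva", "1960-03-12", "Maria Silva", "Joao Silva"),  # twin of A1
    Application("A3", "Jose Francisco", "1955-07-01", "Rosa Francisco", "Pedro Francisco"),
    Application("A4", "Jose Francisco", "1955-07-01", "Rosa Francisco", "Pedro Francisco"),  # same person, applied twice
    Application("A5", "Carlos Souza", "1962-11-30", "Lucia Souza", "Rui Souza"),
]


def parents_and_birthdate_key(app):
    """Key that ignores the applicant's name: every set of twins collides on it."""
    return (app.birth_date, app.mother.casefold(), app.father.casefold())


def full_identity_key(app):
    """Key that also includes the applicant's name (still not unique in general)."""
    return (app.name.casefold(),) + parents_and_birthdate_key(app)


def duplicate_groups(apps, key_fn):
    """Group applications by key and return only the groups with more than one member."""
    groups = defaultdict(list)
    for app in apps:
        groups[key_fn(app)].append(app)
    return [group for group in groups.values() if len(group) > 1]


def naive_cancellations(apps):
    """The reported behaviour: cancel every application in any colliding group.

    Twins A1/A2 are cancelled alongside the genuine double application A3/A4.
    """
    return sorted(app.app_id
                  for group in duplicate_groups(apps, parents_and_birthdate_key)
                  for app in group)


def review_queue(apps):
    """Safer policy: a stricter key, and collisions are queued for a person to
    resolve rather than cancelled automatically.  Twins no longer collide;
    identically named siblings still would, which is why the action is review,
    not cancellation.
    """
    return sorted(app.app_id
                  for group in duplicate_groups(apps, full_identity_key)
                  for app in group)


if __name__ == "__main__":
    print("naive policy cancels: ", naive_cancellations(APPLICATIONS))
    print("review policy flags:  ", review_queue(APPLICATIONS))
```

The point of the second policy is not that the stricter key is correct (no combination of name, birth date and parents is guaranteed unique) but that a classifier whose false positives disenfranchise people should never be wired directly to an irreversible action.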

------------------------------

Date: Wed, 5 Nov 86 16:18:19 EST
From: Robert DiCamillo <[email protected]>
Subject: Risks of FAA Philosophy ?
To: [email protected]

The recent entries in the  Risks  Journal  about  collision  avoidance  systems
remind me of a comment a professor once made to me about the philosophy of the
FAA. For many years this professor in  the  Engineering  Design  Department  at
Tufts  University  worked  on  a  better  engineered cockpit layout and display
system. This included improvements in human factoring,  multi-function  graphic
displays  to  eliminate the number of indicators needed, and more functionality
in the cockpit to allow the pilot to detect and avoid other aircraft.

After several years of work, where along the way  many  graduate  students  had
also  contributed, the system was presented to the FAA and turned down for what
the inventors could not fathom as valid  technical  reasons.   The  system  was
better,  easier  to  use,  and  provided  the pilot with more functionality and
autonomy over his aircraft and flight path.

The professor noted that the catch was the  FAA's  "apparent"  philosophy  that
they  don't  want  the pilots to have more autonomy in determining their flight
path and collision avoidance, as this task  is  considered  the  realm  of  the
ground (air traffic) controllers. His opinion was that any system that included
decentralization from ground control would be rejected because the FAA does not
want to threaten the job security of air traffic controllers.

This  political  "unspoken"  philosophy  of  the  FAA would still seem to be in
effect, providing you are willing to believe that technical  reasons  (good  or
bad)  will be used to defend such political objective(s). Perhaps the Honeywell
System is just another casualty.

This of course leads to the question of policy making. Does anyone know if  the
FAA  charter  contains  any  such  implicit  endorsement pro or con relative to
evaluating technology ? Does the FAA even have an  agreed  upon  philosophy  in
this regard that is published and accessible to the public ?  Or does some high
ranking, politically inclined, individual have the absolute veto  power  within
the government (FAA or otherwise) ?

This  seems  like  one  of those issues that will be difficult to substantiate,
most suitable to think about while flying in planes.  Note  that  the  November
1986 issue of the IEEE Spectrum is devoted to "Our Burdened Skies".  Although I
haven't read it yet, I will be interested to see if  there  is  any  reflection
(real or ghost) of such an FAA philosophy.
                                               - Robert DiCamillo

------------------------------

Date: Wed, 5 Nov 86 21:33 EST
From: Christopher C. Stacy <[email protected]>
Subject: Computers and Medical Charts
To: Elliott S. Frank <[email protected]>
cc: [email protected]

I talked to an R.R.A. today to get an opinion on PIZZAMAN's story
about taking the medical records information home on his computer.

The hospital sets up regulations to control access to the medical records,
which are carefully guarded as sensitive confidential information. The
physical record is considered to be owned by the hospital, and the
information is considered to be owned by the patient.  Typically, physicians
are allowed to take copies of medical records to their offices or home in
order to perform work directly related to patient care.  Preparing research
reports is generally considered to be within that scope.

People are generally not allowed to remove the original physical record from
the hospital, but copies may be OK.  The administrator I talked to didn't
think that it was significant that the information was copied using a
computer.  Of course, the physician has a serious responsibility to protect
the information from perusal by random persons, including his family,
visitors to his office, people logging in to his computer over the phone, etc.

So, the opinion of one medical records administrator seems to concur with
that of Dr. Tessler; the people at that hospital probably were over-reacting
inappropriately.

I don't know how well most medical personnel understand what computers
are; the person I talked to currently works for a company that writes
software for hospital administration.

So, this situation presents the familiar risk of paranoid confusion.
However, I would identify the major risk here as related to computer and
telecommunications security.  This is the same concern as for the hospital
which keeps their actual medical records online.  The two risks can be
related, of course.

If people have other questions or thoughts about this, I would be glad
to forward them along to my friend; she was interested that people
were discussing this sort of thing.

------------------------------

Date: Wed, 5 Nov 86 21:31:22 EST
From: Wombat <[email protected]>
To: [email protected]
Subject: Re: Insurgent Squirrel Joins No-Ways Arc

Ross's story reminds me of a similar incident which took place at Purdue
about five years ago; a misplaced rodent [in a power transformer] caused
most of the campus to lose power for about half a day.  The university
physical plant crews actually aggravated the situation while trying to fix
it by mis-diagnosing the trouble, in ways that have never been clear.  One
of the physical plant officials was quoted on the front page of the Exponent
(Purdue's daily) as saying "You've got to understand, with electricity you
never quite know what's going on".  I'm sure he was thrilled when a group of
EE students reprinted that quote on T-shirts and proceeded to sell them at a
brisk pace for the rest of the semester.  [I still wear mine!]

Rich Kulawiec, [email protected]

------------------------------

Date: Wed, 5 Nov 86 11:46:07 pst
From: Peter Stokes <stokes%cmc.cdn%[email protected]>
To: [email protected]
Subject: Micros in Car engines

My 1986 Ford Mustang has (according to the literature) a micro-processor
controlled engine.  When driving it, you can tell that the engine RPM's
are controlled by something "intelligent" :

- the high idle when cold to normal idle when warm transition has a
  distinctive change sequence as the engine warms up and this response
  is IDENTICAL every morning as I drive to work.

- If you hit the accelerator pedal and let go quickly, the engine
  speed returns to normal in about 3 distinctive steps:
    1: a sharp drop of several hundred RPM's,
    2: a smoother drop to very near the idle speed, and finally,
    3: a small adjustment to the true idle speed.

- If you disengage the clutch while the car is moving (first step
  in gearing down), the engine speed drops quickly to a low of
  200 RPM's (I can sometimes feel it shudder) and then the processor
  corrects this with a "shot of gas".  If you leave your foot on the
  clutch and just coast, you can observe the tachometer settle on the
  idle speed after a small amount of overshoot and undershoot.

- and finally, if you try to stall the car (starting off in first
  gear without pushing the gas for example), the processor responds by
  trying to keep the engine speed at idle speed.

My Question... What are the risks in buying and driving an automobile with
              a computer controlled engine?

      Safety:  What are the odds of a malfunction causing acceleration?
 Performance:  Is this a feature?  Will the benefits of the microprocessor
               control continue to serve as the engine grows old and changes?
     Service:  Can a "Saturday Morning Mechanic" still tune his/her car or
               is specialized equipment now a pre-requisite for the job?
      Safety:  Can the control over the engine be affected by an external
               source (e.g. radio transmitter)?  I have noticed erratic
               engine idle while in an automatic car wash....

Peter Stokes
Envoy100: cmc.vlsiic                       (...usual disclaimer...)
CDNnet:   [email protected]
BITNET:   [email protected]

 [...probably not much risk in BUYING one, but DRIVING ONE is another matter.
 Since you probably do not read every line of RISKS, let me remind you of the
 following cases, summarized in RISKS-4.1.  (The Mercedes case was noted in
 RISKS-2.12.)  PGN]

 AUTOMOBILES:
 Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot
   skid marks; passenger killed (SEN 10 3)
 Sudden auto acceleration due to interference from CB transmitter (SEN 11 1);
 Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/
   Encores, 140K Cressidas under investigation (SEN 10 3)
 El Dorado brake computer bug caused recall of that model [1979] (SEN 4 4)
 Ford Mark VII wiring fires: flaw in computerized air suspension (SEN 10 3)

------------------------------

End of RISKS-FORUM Digest
************************