2-May-87 11:48:10-PDT,25454;000000000000
Mail-From: NEUMANN created at 2-May-87 11:46:44
Date: Sat 2 May 87 11:46:44-PDT
From: Peter G. (coordinator) Neumann <
[email protected]>
Subject: RISKS DIGEST 4.79
Sender:
[email protected]
To:
[email protected]
RISKS-LIST: RISKS-FORUM Digest Saturday, 2 May 1987 Volume 4 : Issue 79
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD
Re: Fidelity Mutual Funds Money Line feature (Amos Shapir)
Wheels up (Martin Minow)
Special Risk Assessment issue of 'Science' (Rodney Hoffman)
Radiation hazards to computers (Wm Brown III)
Neutron beam detection (Richard H. Lathrop)
Computer Database Blackmail by Telephone (Steve Summit)
Liability Law in the UK (Brian Randell)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to
[email protected], Requests to
[email protected])
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)
----------------------------------------------------------------------
Date: Sat 2 May 87 10:57:56-PDT
From: Peter G. Neumann <
[email protected]>
Subject: Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD
To:
[email protected]
Somewhen on Tuesday afternoon, 28 April, someone plugged some equipment
into the circuit used by CSL.SRI.COM. The result was not only blown fuses,
but a physically destroyed disk on CSL. We currently have a patchwork
system cannibalized from another system, with a very small disk, and thus
I am running without most of my macros, history files, etc. (just the files
created in the last month). We will not be back in regular service until the
END OF THE COMING WEEK, so please bear with us. Mail received by RISKS after
early Monday evening 27 April, but before the crash, was lost. Mail sent to
RISKS by you during the outage was either returned undelivered, or else queued
and eventually received, depending upon mailer whims. Grumble.
------------------------------
From: Amos Shapir <
[email protected]>
Date: Mon, 27 Apr 87 16:43:10+0300
To:
[email protected]
Subject: Re: Fidelity Mutual Funds Money Line feature (RISKS 4.78)
Because of the slowness of mail here, the habit of paying your bills
by a 'permanent order' to your bank have become very popular; many
utilities also give discounts if you choose to pay your bills in that
way, since they are assured of getting their money - no bounced or bad checks.
However, a common experience is that it is very hard to cancel such an order -
you have to keep badgering the bank until your request gets all the way through
to the data processing center, and even when you think everything's ok someone
loads an old backup tape, and your stone rolls back to the bottom of the hill.
Sometimes the only way is to close the account, but when you have as many
as 10 such orders, that's also complicated.
Amos Shapir, National Semiconductor (Israel)
6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel Tel. (972)52-522261
amos%
[email protected] {hplabs,pyramid,sun,decwrl}
------------------------------
Date: Mon, 27 Apr 87 06:02:42 PDT
From: minow%
[email protected]
(Martin Minow THUNDR::MINOW ML3-5/U26 223-9922 27-Apr-1987 0855)
To: "
[email protected]"@src.DEC.COM
Subject: Wheels up
You may recall the extensive discussion on Risks a few months ago
about computer-controlled airplanes. It seems, that if the plane was
on the ground and you told the computer to raise the landing wheels,
it did so -- crashing the plane.
I recently bought the "Flight Simulator" computer game for my home
computer. While parked on the ground, I told it to raise the (simulated)
landing wheels. It did so, crashing the (simulated) plane.
(If you haven't seen it, "Flight Simulator" is an impressive piece of work.)
Martin Minow minow%
[email protected]
------------------------------
Date: 29 Apr 87 16:56:20 PDT (Wednesday)
From:
[email protected] <Rodney Hoffman>
Subject: Special Risk Assessment issue of 'Science'
To:
[email protected]
Partial contents of 'Science' magazine for 17 April 1987 (vol 236 no 4799)
Editorial on "Immortality and Risk Assessment"
"Risk Assessment and Comparisons: An Introduction"
"Ranking Possible Carcinogenic Hazards"
"Perception of Risk"
"Risk Assessment in Environmental Policy-Making"
"Health and Safety Risk Analyses: Information for Better Decisions"
"The Safety Goals of the U.S. Nuclear Regulatory Commission"
[Computers are explicitly omitted. Eugene Miya]
[But there is still much for us to learn from this issue... PGN]
------------------------------
Date: Thu, 30 Apr 87 17:42 PDT
From: Wm Brown III <
[email protected]>
Subject: Radiation hazards to computers
To:
[email protected]
Paul Stewart's contribution on airport luggage scanners which use slow
neutrons to detect explosives reminded me of a phenomenon which
plagued a company I once worked for. The product we sold was a
satellite navigation receiver which used the old Transit constellation
of satellites to provide position fixes for commercial ships. Many of
these systems were sent around the world to be installed wherever a
vessel happened to be at the time.
After a couple of years, we began to notice that our overseas dealers
frequently had systems fail out of the box with invalid EPROM checksums.
Machines installed within the U.S. virtually never failed in this way, even
though they were built with parts from the same vendor and datecode lot.
Spare PROM sets became a standard part of everyone's service kits.
Finally someone collected enough data to correlate these failures with
the distance a system traveled by air freight; the dealers farthest
from home usually saw the most failures. I seem to remember that
flights over the polar routes did the most damage.
One of our engineers had a background in nuclear physics and
power engineering; the best theory he was able to propose was
that high energy particles in the upper atmosphere occasionally
hit heavy metal atoms in the ceramic chip packages and kicked
out slow secondary emissions which corrupted cells in the EPROMs.
Has anyone else had first-hand experience with this phenomenon?
Can someone with adequate theoretical knowledge offer another
hypothesis? Do the FAA's new bomb detectors pose a similar threat?
------------------------------
Date: Mon, 27 Apr 87 11:34 EDT
From: Richard H. Lathrop <
[email protected]>
Subject: Neutron beam detection [RISKS 4.75]
To:
[email protected]
Date: Mon, 20-Apr-87 00:40:59 PDT
From:
[email protected] (Paul Stewart)
Subject: Radiation risk at airports?
To:
[email protected]
....a computer-based system that bombards luggage or other cargo with a
"beam of slowed neutrons" and uses a computer system to analyze the
signature of the resulting gamma radiation emissions to characterize for the
potential presence of explosives.
I have been licensed by the US NRC as a nuclear reactor operator (I have
since allowed this to expire), and was once the chief programmer and
statistician on a science project which used this technique to monitor
trace element pollution in tree rings. The method is known as Neutron
Activation Analysis (NAA). It is based on the propensity of an atomic
nucleus to absorb a neutron and thereby transition to another isotope of
the same element, but with the next higher atomic weight. The resulting
isotope is often energetically unstable, and often decays to a stable
state by emitting a gamma ray at a frequency characteristic of the
isotope involved. (This is a slightly different mechanism from the
propensity of plutonium-239 and uranium-235 to absorb a neutron, become
unstable, and fission.)
The neutron capture coefficient (known as the "cross-section") is a
characteristic property of the elemental isotope, and can be looked up
in tables of physical constants (e.g., the CRC Handbook of Chemistry and
Physics), as can the stability, decay mode, frequency, and half-life of
the resultant isotope(s). The cross-section varies widely across
isotopes (a spread of ten orders of magnitude!). As some naturally
occurring isotopes transition to other stable isotopes and some have
miniscule cross-section, activated gamma radiation will result only in
some (this means many) cases.
For short irradiation times the amount of any given isotope created is
the product of the neutron flux (intensity), the time period irradiated,
the amount of the element present, the proportion of the element
occurring as the precursor isotope, and the precursor isotope's capture
cross-section. (Note that if the flux is extremely low very little of
the radioactive isotope will be created.) If the resulting isotope is
unstable, it will emit radiation at a characteristic frequency and
half-life, also obtainable from tables. The shorter the half-life the
more intense the short-term radiation, the longer the half-life the
longer the radioactive isotope persists. By measuring the radiation at
a particular frequency of interest and subtracting the ambient
background, it is possible to calculate the amount of a given element
present in the original sample.
The question then, for anyone who understands this technology or knows
about Science Applications International, is: what will happen to luggage,
cargo, etc., possibly including foods and other items that can be ingested
or will be in close proximity to persons for long periods of time, after
passing through such neutron beam systems once or possibly many times in the
course of complex or multiple trips?
Almost all of the above will become slightly radioactive, the degree to
which being essentially determined by the neutron flux characteristics,
exposure times, and elemental content of the irradiated matter. Bodily
damage from radiation results mostly from the accompanying ionization,
in which chemical bonds are disrupted by the high energy levels and
chemically reactive ions are created. Food is particularly worrisome
because most of the radiation is absorbed internally, and because the
body has mechanisms that produce high local concentrations of certain
elements (e.g., iodine in the thyroid, calcium in the bones, etc.).
Common isotopes in food having high natural abundance, reasonably large
cross-sections, and medium half-lifes (hence, readily made radioactive)
include sodium-23 and chlorine-37. Common metals with similar
properties include aluminum-27, copper-63 and -65, zinc-64, silver-107
and -109, gold-197, mercury-202, and several of the trace elements used
in making stainless steel.
Are airline passengers to be subjected to the radioactive luggage
and cargo simply because the emission levels meet "government standards"?
Well, yes, but this has to be kept in perspective. For example,
"government standards" are typically less than the ambient background
due to cosmic rays, etc., and also less than the incremental increase
due to living in a brick house (because of trace radioactive elements
and isotopes present in the brick from the earth), living in Denver
instead of New York (because of the greater exposure to cosmic rays from
less atmospheric shielding), or a medical X-ray. This does *not* mean
that they are harmless --- the effects of low-level radiation are *very*
poorly understood and the health aspects, if any, somewhat
controversial. Of especial concern is genetic damage due to ionization
and resulting disruption of chromosomes.
Will the frequent traveler be at greater risk than the occasional traveler?
Yes, given the perspective about ``risk'' above.
What is the real story about these systems?
I cannot answer this question, only discuss the underlying technology.
The "real story" depends on (1) physical parameters such as exposure
time and neutron flux characteristics which are not provided in the
story, and (2) medical effects of low radiation levels, which are
poorly understood and controversial.
Date: Tue, 21 Apr 87 11:50:35 edt
From: Scott Dorsey <kludge%gitpyr%
[email protected]>
Subject: Neutron beam detection [RISKS 4.75]
A machine which detects nitrogen chains may also detect things like
ammonia if it cannot discriminate between long and short chains....
For virtually all purposes nuclear processes are completely decoupled
from chemical ones, and so the technique cannot discriminate between
long and short chains. It is in fact unlikely that nitrogen is being
detected in this way. 99.63% of natural nitrogen occurs as nitrogen-14,
which on neutron capture transitions to nitrogen-15 which is stable.
0.37% occurs as nitrogen-15, which has an insignificantly miniscule
capture cross-section. This makes sense when you think about it, as
otherwise the nitrogen in the air would render the technique worthless.
Rather, it is more likely that some readily-activated rare-earth element
associated in trace quantities with explosive manufacture is what is
actually being detected. This is done, e.g., in studies which wish to
monitor the lead deposition from gasoline even though lead is
essentially inactivable. These studies look instead for vanadium, which
occurs in gasoline in trace amounts but is readily activated and
detected.
Date: Thu, 23 Apr 87 16:29:25 CST
From:
[email protected] (Barbarisi)
To:
[email protected]
Subject: Neutron Beams for Explosives Detection
I did an experiment with neutron radiation for a physics laboratory
while I was in college .... a silver dime was placed in a device called a
"neutron howitzer" and irradiated .... it was very "hot" upon removal
As mentioned above, silver activates rather nicely. Typically this
experiment measures the two different half-lives associated with the two
different silver isotopes which are activated.
The latex stick which held the dime in the neutron howitzer showed no sign
of radiation at all.
Carbon, hydrogen, nitrogen and oxygen, the basic elements of complex
carbohydrates and many polymers, are all essentially inactive under neutron
irradiation. In any case, for a physics experiment the holder would be chosen
to be inert, so as not to compromise the experiment with spurious radiation.
Thus, I doubt that there would be any lasting effect on clothing and
food from low energy neutron radiation.
This is not a justified assumption without additional technical
substantiation. It depends critically on what elements are irradiated,
for how long, and within how strong a neutron flux.
-=*=- Rick
------------------------------
Date: Fri, 1 May 87 08:04:44 pdt
From: Steve Summit <stevesu%
[email protected]>
To:
[email protected]
Subject: Computer Database Blackmail by Telephone
The following article was in the (Portland) Oregonian, 1 May 1987. I'm not
quite sure what to make of it, except that I can't quite believe it. This
looks like the kind of information abuse that people (myself included) would
say "couldn't happen, because people are more reasonable than that."
PNB CANCELS 976 NUMBER FOR PERSONAL-DATA COMPANY
Seattle (AP) -- Pacific Northwest Bell has canceled the 976-prefix toll-call
number of a Seattle company that obtains and sells information about
individuals. The company had sent post cards to thousands of Seattle
residents, offering to delete data about them from company files if they
called the telephone number--a call that cost $7.50. After PNB attorneys
alleged that the post cards could involve extortion, the phone company
canceled Profile Service Corp.'s 976 number Monday, the first time such
action had been taken in the Seattle area, said PNB spokesman Bruce Amundson.
But Jan Sakamoto, Profile's president, said the company did nothing wrong and
would appeal the phone company's action to the Washington State Utilities and
Transportation Commission. "I don't think it's blackmail or fraud," Sakamoto
said. Instead, he said, his company was "catching the brunt of people's ire
at not being able to control information about themselves."
Commission spokesman Raymond Day said PNB apparently was within its rights in
canceling the number. The commission allows PNB to cut off service "without
prior notice, for unlawful use of service or use of service for unlawful
purposes," Day said.
Seattle news media, the state attorney general's office, the Utilities and
Transportation Commission, the Postal Service and PNB have received numerous
complaints about the cards, which were mailed to 20,000 Seattle residents.
The card read: "Profile Service Corp. knows some personal things about you
that other people might like to know. Our company's computer files contain
names, telephone numbers, complete addresses, credit reports and other
important pieces of information about you. We have purchased this
information from a variety of public and private sources." The card then
advised consumers to call its 976 number to have the number deleted from its
computer files. The $7.50 charge for the call would be billed to caller's
phone numbers, with most of the charge being remitted by PNB to Profile.
People who called the number will have the charge deleted from their phone
bills, Amundson said.
I think it's interesting that the company is not offering to delete information
because it is incorrect, but simply because people might not want it there, as
long as they are willing to pay. It would not surprise me if Profile Service
Corp. didn't really have any data at all, but was simply out to milk money from
people who are anxious about "not being able to control information about
themselves."
It's refreshing that Pacific Northwest Bell chose to put a stop to this scam.
I suppose they could have stayed out of it, saying it was Profile's business.
No mention is made of what "use" Profile Service Corp. makes of the data it
keeps. If their raison d'etre is simply to get rich on people's $7.50
paranoia calls, they can preserve income, lower expenses and raise profits by
not maintaining an expensive computer database at all. It would be interesting
to know how big Profile Service Corp. is: if it's just Jan Sakamoto in his
garage, and if he's got other income, he can't lose: the only expense is the
postcard mailing, so once that is recovered, each phone call is pure profit.
Steve Summit
------------------------------
From: Brian Randell <brian%
[email protected]>
Date: Wed, 29 Apr 87 11:05:46 bst
To:
[email protected]
Subject: Liability Law in the UK
From Datalink (UK) March 23 1987:
LAW THREATENS FIRMS WITH COURT OVER FAULTS
A new Bill may leave computer companies wide open to claims for personal
injury says Angus McCrone:
Software and hardware suppliers are being advised to take careful notice of a
new law which means they could be sued for damages if their products are
involved in a user's personal injury.
The law is a product liability bill which is now on its way through
parliament and should be on the statued books by May next year.
The bill gives individuals the right to sue companies if they can claim that
they have suffered personal injury as a result of defective products -
whether computer products or any other sort.
This is likely to apply not only where an individual suffers injury from
using a computer system, but also where a computer error is alleged to have
caused an accident, such as a plane crash. Computer suppliers could even be
sued if their systems have designed a large object, such as a bridge, which
has fallen down and caused injury.
This marks a radical change from the past, when products suppliers were only
likely to be sued for damages if it could be proved that they were guilty of
clear negligence.
The proposed legislation has prompted groups like software's Computing
Services Association (CSA) and hardware's Business Equipment Trade
Association (Beta) to warn of serious consequences for their members.
Alan Smith, director of administration at Beta - which represents most of the
big hardware manufacturers including IBM, ICL, Honeywell and Hewlett Packard
- said that his organisation is 'very worried' about the new legislation.
"It completely reverses 500 years of legal precedents,' Smith said. 'At the
moment a claimant has to prove negligence by a supplier and that this
negligence was the cause of injury.
'In the future, as a result of this legislation, all suppliers will be
treated as guilty unless they can prove that their products did not cause
the injury.'
In other words, Smith reckons the difference between a system or program
going wrong, and being misused, could be blurred. 'If someone misuses a
computer in the machine tool industry or in a hospital, who is to say that
the system did not malfunction and cause the injury?'
He predicts that the product liability legislation would hit hardware vendors
in two other respects - it will become much more difficult and expensive for
them to insure products for liability, and they could be hit by a spate of
'spurious claims' for damages.
Both factors will present suppliers with increased costs. Smith said; 'The
next five to 10 years could be a nasty experience for a lot of companies.'
But while hardware vendors look certain to be hit by the proposed product
liability law, it is still not clear whether software will be included in the
legislation or not.
Ranald Robertson, legal services manager at CAP and an expert on software and
the law, commented that the Government has not made clear whether software
will be treated as a 'product' and so will be covered by the new legislation.
Robertson said; 'Until a test case is brought to court, we are unlikely to
have a definitive statement as to whether software is included in the
legislation. 'But any software producer which ignores this legislation and
its possible implications does so at its own peril, because there could be
situations where a defect is attributable to faulty software and a potential
liability could exist', Robertson added.
Doug Eyeions, director general of the CSA, described one example; 'If
software is used to make a bridge or a nuclear reactor, and it turns out to
have bugs, then this legislation could lead to an enormous liability for the
software supplier.'
The CSA is arguing that software, by its very nature, cannot be guaranteed to
be 100% bug free and cannot be tested in all possible circumstances -
therefore it would be unfair to classify software as a 'product' for
the purposes of the new law.
Another argument which the software industry is putting forward to the
Government is the so-called 'development risk defence'.
This argues that a supplier should escape product liability if it is judged
that with the benefit of current scientific knowledge, it could not have
foreseen a particular defect.
But these sorts of arguments may fall on deaf ears. One parliamentary
amendment which had the support of Beta has already been defeated.
The Government is also under pressure from the EEC which has issued a
directive requiring all its member states to have suitable product liability
laws in place by May 1988.
Because the proposed law applies to all products the implications for the
software and hardware industries have taken some time to sink in.
But groups like the CSA and Beta are now lobbying very hard to influence what
Eyeions describes as 'one of the major issues facing the industry'.
Elsewhere in the paper, a brief summary article states:
According to Praxis chairman Martyn Thomas, who is involved with the Alvey
formal methods team, this could mean software houses will have to prove they
used state-of-the-art formal methods in the design stage.
Rather than companies sorting themselves out in time for the new law, he
thinks "what's more likely to happen is that there'll be a court decision
that a company wouldn't have been liable if it had used formal methods.
Brian Randell - Computing Laboratory, University of Newcastle upon Tyne
UUCP : <UK>!ukc!cheviot!brian
JANET :
[email protected]
------------------------------
End of RISKS-FORUM Digest
************************
-------
