RISKS-LIST: RISKS-FORUM Digest  Wednesday 29 March 1989   Volume 8 : Issue 46

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 B-1B wept-swing swept-wing (PGN)
 Soviets Lose 2nd Mars Probe (PGN)
 Satellite failure due to unremoved lens cap (PGN)
 Technology strikes again -- Dodge Spirits and Dodge Fever (Matt Fichtenbaum)
 Suing over runaway computer systems (Rodney Hoffman)
 Virus Hits Hospital Computers (Rodney Hoffman)
 Prank Virus Warning Message (Bruce N. Baker)
 Subversive bulletin boards (Eric Percival)
 UK Computer Threat Research Association (David J. Ferbrache)
 Will the Hubble Space Telescope Compute? (Paul Eggert)
 The Airbus disaster and Ada (Ted Holden via Bob Burch via jpff)
 DIAC-90 -- Call for Papers (Douglas Schuler)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com.  FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to [email protected].
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
 get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
 Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).

----------------------------------------------------------------------

Date: Wed, 29 Mar 1989 10:49:24 PST
From: Peter Neumann <[email protected]>
Subject: B-1B wept-swing swept-wing

The Air Force temporarily grounded its fleet of B-1B bombers yesterday after
the wings on one of the planes malfunctioned just before a training
flight...  The crew could not get the plane's wings to move back and forth
in tandem and, at one point, the left wing apparently moved too far forward
and punctured a fuel tank inside the fuselage.  The wings are normally swept
back for high-speed attack runs and forward for takeoffs and landings...
The B-1B still has problems with its radar-jamming gear...  [San Francisco
Chronicle, 29 March 1989, p. A11]

------------------------------

Date: Wed, 29 Mar 1989 10:51:29 PST
From: Peter Neumann <[email protected]>
Subject: Soviets Lose 2nd Mars Probe

The Soviet Union has lost radio contact with its backup spacecraft to Mars and
the Martian moon Phobos...  In September 1988 the Soviets lost contact with the
first of the twin Martian probes, Phobos I.  [See RISKS-7.53 and 56.]

------------------------------

Date: Wed, 29 Mar 1989 10:56:52 PST
From: Peter Neumann <[email protected]>
Subject: Satellite failure due to unremoved lens cap

A $140 million Star Wars Satellite [launched on 24 March] failed one of its
first tests...  The satellite was meant to observe the firing of a nearby
rocket in space but was unable to do so because a lens cap blocked its view.
The lens cover stayed on a sensor too long, blocking it from tracking the
second-stage engine as it drifted away in space.  As a result, the satellite
was pointed in the wrong direction to view the longer of the second-stage
firings.  [San Francisco Chronicle, 28 March 1989, p. A10]

------------------------------

Date: Mon, 27 Mar 89 16:22:43 EST
From: [email protected] (Matt Fichtenbaum)
Subject: Technology strikes again -- Dodge Spirits and Dodge Fever

 I test-drove a Dodge Spirit last week.  It had Chrysler's new 4-speed
overdrive automatic transmission, which is controlled electronically.
 As we were sitting in the car before beginning the test drive, the salesman
folded down his sun visor, noted the vanity mirror built into it, and said,
"Illuminated mirrors! How nice!" So I folded down _my_ visor, lifted the cover
on the mirror, and noticed that the lights didn't light.  "How did you make
yours light?"  I asked.  "They won't, until we connect a connector under the
hood," said he, "we disconnect things that might drain the battery if left on
inadvertently."  I resolved to check the mirror illumination later.
 So I drove out from the dealer's lot, accelerated gently to about ten miles
per hour, and noticed that the transmission had not yet shifted up.  "Shift,
you!" said I.  The salesman then started to laugh embarrassedly and remembered
that the transmission controller needed "that connector" reconnected.
 This time the Spirit wasn't quite willing.

                                         [And the Flashers were weak...  PGN]

------------------------------

Date: 29 Mar 89 10:41:46 PST (Wednesday)
From: Rodney Hoffman <[email protected]>
Subject: Suing over runaway computer systems

Edited excerpts from a feature article by Jeffrey Rothfeder in 'Business
Week' magazine April 3, 1989:

          USING THE LAW TO REIN IN COMPUTER RUNAWAYS
    MORE UNHAPPY BUYERS ARE TAKING SYSTEMS SUPPLIERS TO COURT

 Geophysical Systems Corp. hired a Raytheon Corp. subsidiary, Seismograph
 Service Corp., to build a $20 million computer system to process
 sonar-generated data.  The system couldn't do it.  Geophysical's clients
 canceled their contracts, and Geophysical entered bankruptcy.  Last
 December, a Los Angeles jury awarded Geophysical Systems Corp. $48.3
 million to cover computer-system costs and lost profits, although
 the judge has ordered a new trial to review the size of those damages.

 Geophysical had claimed that the Seismograph system couldn't meet its
 complex computation requirements -- and that Seismograph knew this
 before it started building the system.  By finding for his client, says
 Geophysical's attorney, "the court is saying that if we wanted a computer
 unable to handle our data we could have gone to Toys 'R' Us and been
 out $20 instead of $20 million."

 As computer runaways -- systems that are over budget, installed late,
 or don't work -- become endemic, fed-up customers are fighting back.
 And they're using the law to do it.  In 1988 the American Arbitration
 Assn. took on 190 computer disputes, most of them concerning defective
 systems, totaling $198 million in claims.  That was up from 123 cases
 in 1984, representing claims of $31 million.  Dozens of law firms now
 specialize in high-tech matters.

 [More tales of (smaller) cases.]  When a customer sues, it loses its
 computer supplier.  It may take years to find a replacement and build
 a new system -- not to mention win the original suit.  Because of this,
 says one attorney, "when you sign a contract for a computer system,
 you're locked in a deadly embrace with the supplier that you may not be able
 to, or want to, get out of."  The boilerplate agreement that suppliers
 typically offer includes numerous so-called exclusions of warranty that
 limit the supplier's liability for system failures or delays.  Also,
 the contract usually states that nothing in it is binding unless
 specifically spelled out.

 A former Price Waterhouse senior consultant recalls telling customers
 that it will take "only 72 hours for a crucial software project.  But
 we wouldn't put this into the contract.  Then when it took us two months
 to do the job, we simply explained that the project now costs more
 because the extra work we did was out of the scope of our agreement."

 The State of New Jersey reached a settlement with Price Waterhouse over
 a bungled system to handle licensing and traffic violations for the Motor
 Vehicles Dept.  During nearly two years of negotiations, the accounting
 firm fixed the system.  New Jersey got the system for $1.2 million less
 than the contracted price, and Price Waterhouse swallowed approximately
 $2 million in additional project costs.

 Many customers are starting to demand contract clauses providing for
 binding arbitration of disputes, and for acceptance tests before the
 customer pays.

 Surprisingly, the new legal aggressiveness of customers isn't particularly
 troubling to most systems suppliers.  Customer activism may even
 reduce the number of runaways from an estimated 35% of all current
 computer projects.  Says a systems designer at one Big Eight accounting
 firm:  "It could be just the thing we need to make us more honest."

A sidebar lists THINGS TO DEMAND WHEN BUYING A COMPUTER SYSTEM:

 * ACCEPTANCE TEST.  Requires the supplier to run the customer's
   actual data successfully through the system.

 * GUARANTEE.  The customer pays leasing or purchase charges only
   after the new system has been working correctly for two months.

 * BINDING ARBITRATION.  Stipulates that the customer can elect to
   have disputes resolved by an outside arbitrator.

 * SOFTWARE OWNERSHIP.  Gives the customer the rights to the system's
   source code and leaves it in the customer's possession.

 * SUPPORT.  Guarantees that support and servicing for the system will
   be available for at least a year -- even if the supplier goes out
   of business.

------------------------------

Date: 29 Mar 89 14:15:09 PST (Wednesday)
From: Rodney Hoffman <[email protected]>
Subject: Virus Hits Hospital Computers

A short note in the 'Los Angeles Times' 27 March 1989 carried this summary
of information from a letter in the 'New England Journal of Medicine':

               VIRUS HITS HOSPITAL COMPUTERS

  A "virus" infected computers at three Michigan hospitals last
  fall and disrupted patient diagnosis at two of the centers in
  what appears to be the first such invasion of a medical computer,
  it was reported last week.

  The infiltration did not harm any patients but delayed diagnoses
  by shutting down computers, creating files of nonexistent patients
  and garbling names on patient records, which could have caused more
  serious problems.

  "It definitely did affect care in delaying things, and it could have
  affected care in terms of losing this information completely," said
  Dr. Jack Juni, a staff physician at the William Beaumont Hospitals
  in Troy and Royal Oak, Mich., two of the hospitals involved.  "It
  was pretty disturbing."

  If patient information had been lost, the virus could have forced
  doctors to repeat tests that involve exposing patients to radiation,
  Juni said.  The phony and garbled files could have caused a mix-up
  in patient diagnosis, he said.

  "This was information we were using to base diagnoses on," said Juni,
  who reported the case in a letter in the New England Journal of
  Medicine.  "We were lucky and caught it in time."

------------------------------

Date: Tue, 28 Mar 89 08:06:39 PST
From: Bruce N. Baker <[email protected]>
Subject: Prank Virus Warning Message

An individual placed a time bomb message on a government service system in the
San Francisco Bay Area saying, "WARNING! A computer virus has infected the
system!" The individual is learning that such a prank is considered almost as
funny as saying that you have a bomb in your carry-on luggage as you board a
plane.

Bruce Baker, Information Security Program, SRI International

------------------------------

Date: Mon, 27 Mar 89 13:27:32 BST
From: Eric Percival <eric%[email protected]>
Subject: Subversive bulletin boards

This week's (26 March) Sunday Times (UK) has an article relating to a Bulletin
Board being run by a 14-year-old boy in Wilmslow, Cheshire, England, which
contains information relating to such things as making plastic explosives.
Anti-terrorist detectives are said to be investigating for possible breaches of
the Obscene Publications Act.  Apparently reporters were able to easily gain
access to this bulletin board and peruse articles on such subjects as credit
card fraud, making various types of explosive, street fighting techniques and
dodging police radar traps.  One article was obviously aimed at children and
described how to make a bomb suitable for use on "the car of a teacher you do
not like at school," which would destroy the tyre of a car when it was started.
The boy's parents did not seem to think that their son was doing anything wrong,
preferring him to be working with his computer rather than roaming the streets.
A London computer consultant, Noel Bradford, is quoted as having seen the
bulletin board and found messages discussing "how to crack British Telecom, how
to get money out of people and how to defraud credit card companies.  Credit
card numbers are given, along with PIN numbers, names, addresses and other
details."

------------------------------

Date: 28 Mar 89 09:32:34 GMT
From: "David.J.Ferbrache" <[email protected]>
Subject: UK Computer Threat Research Association

For those of you interested, an umbrella organisation has been established
in the UK to co-ordinate information on, and research into, all aspects of
computer security. In the first instance one of the organisation's primary
concerns will be combatting the threat posed by computer viruses by
acting as a clearing house for virus information and control software.

Below is a copy of an initial letter mailed to prospective members:

                       The Computer Threat Research Association

The computer threat research association, CoTra is a non-profit making
organisation that exists to research, analyse, publicise and find solutions for
threats to the integrity and reliability of computer systems.

The issue that caused the formation of CoTra was the rise of the computer
virus. This problem has since become surrounded by fear, uncertainty and doubt.
To the average user the computer virus and its implications are a worry of an
unknown scale. To a few unfortunates whose systems have become a critical issue.

The key advantage of CoTra membership will be access to advice and information.
Advice will be provided through publications, an electronic conference (a
closed conference for CoTra's members has been created on the Compulink CIX
system) as well as other channels such as general postings direct to members
when a new virus is discovered.

CoTra membership will be available on a student, full or corporate member
basis. All software that is held by CoTra that enhances system reliability,
such as virus detection and removal software, will be available to all members.
It is intended to establish discounts with suppliers of reliability tools and
services. A library of virus sources and executables and other dangerous
research material will be made available to members who have a demonstrable
need.

A register of consultants who have specific skills in the systems reliability
field will be published by CoTra and reviews of reliability enhancing software
will be produced.

Your support of CoTra will ensure that you have the earliest and most accurate
information about potential threats to your computer systems.

CoTra, The computer threat research association,
c/o 144 Sheerstock, Haddenham, Bucks. HP17 8EX


Part of the organisation's aim is to establish reciprocal links with other
similar organisations worldwide to facilitate the sharing of experience and
rapid flow of information on new threats.

To this end if you are involved in, or have contacts with, a similar
organisation in your country, please write to CoTra (or by email to me, and I
will forward your correspondence) outlining your organisation and its aims.

Yours sincerely,
Dave Ferbrache, Dept of computer science, Heriot-Watt University, 79 Grassmarket
Edinburgh, UK. EH1 2HJ  Tel (UK) 031-225-6465 ext 553  UUCP ..!mcvax!hwcs!davidf

------------------------------

Date: Tue, 28 Mar 89 14:57:02 PST
From: eggert%[email protected] (Paul Eggert)
Subject: Will the Hubble Space Telescope Compute?

M. Mitchell Waldrop's article (_Science_, 17 March 1989, pp 1437-1439) on SOGS
is notable for its coverage accessible to the general scientific public,
and for its claim that the software engineering community has switched to
rapid prototyping.  Selected quotes follow.
 -- Paul Eggert, Twin Sun Inc. <aerospace.aero.com!twinsun!eggert>


               Will the Hubble Space Telescope Compute?

       Critical operations software is still a mess--the victim of
       primitive programming methods and chaotic project management

First the good news: two decades after it first went into development, the
$1.4-billion Hubble Space Telescope is almost ready to fly....

But now the bad news: the Space Telescope Science Institute in Baltimore still
has dozens of programmers struggling to fix one of the most basic pieces of
telescope software, the $70-million Science Operations Ground System (SOGS)....
It was supposedly completed 3 years ago.  Yet bugs are still turning up ... and
the system currently runs at only one-third optimum speed....  If Space
Telescope had been launched in October 1986, as planned at the time of the
Challenger accident, it would have been a major embarrassment: a superb
scientific instrument crippled by nearly unworkable software....

[chronology:
       1980-1  2"-thick requirements doc. written by NASA-appointed committee
       1981    contract awarded to TRW; peak team included 150 people
       1983    first software components delivered
       later   SOGS declared utterly unsuitable.
]

The problem was basically a conceptual one.  NASA's specifications for SOGS had
called for a scheduling algorithm that would handle telescope operations on a
minute-by-minute basis....  The tacit assumption was that the system would
schedule astronomers on a monthly and yearly basis by simply adding up
thousands upon thousands of these minute-by-minute schedules.

In fact, that tacit assumption was a recipe for disaster....  The number of
possible combinations to consider rises much faster than exponentially....
In the computer science community, where this phenomenon has been well known
for about 40 years, it is called ``the combinatoric explosion.''  Accepted
techniques for defusing such explosions call for scheduling algorithms that
plan their trips with a road map, so to speak. And SOGS simply did not have it.

In addition to performance issues, however, SOGS was also deficient in basic
design terms.  ``SOGS used last-generation programming technology,'' says one
senior programmer....  ``SOGS was designed in such a way that you couldn't
insert new releases without bringing down the entire system!  For days!'' says
the science institute's associate director for operations, Ethan Schreier....
Indeed, the fundamental structure of SOGS is so nonmodular that fixing a bug in
one part of the program almost invariably generates new bugs somewhere else....

So, where did SOGS go wrong?...

One of the main villains seems to have been the old-line aerospace industry
approach to software development....  In the wider computer science community
this Give-Me-The-Requirements approach is considered a dismal methodology at
best...  Modern programming practice calls for ... a style known as ``rapid
prototyping''...

Even more fundamental ... few people at NASA were even thinking about
telescope operations in the early years....  the Space Telescope project as a
whole was saddled with a management structure that can only be described as
Byzantine....  At the hardware level the chaos at the top was reflected in a
raft of independently developed scientific instruments and onboard computers,
none of which were well coordinated with the others.  Indeed, the presumption
was that any such problems would be taken care of later in the software....

So, is SOGS fixed now?

Maybe.  With TRW's help, the institute has spent the past several years beating
the system into shape....  On the other hand, such progress has come at a
price.  SOGS now consists of about 1 million lines of programming code, roughly
ten times larger than originally estimated.  Its overall cost has more than
doubled, from $30 million in the original contract to roughly $70 million....

In both NASA and Pentagon contracting, the cost of the old-line approach is
becoming all too apparent.  Indeed, it has become a real sore point in the
computer community.

``It's the methodology that got us to Apollo and Skylab,'' says [James] Weiss
[data systems manager for Space Telescope at NASA headquarters].  ``But it's
not getting us to the 1990s.  The needs are more complex and the problems are
more complex.''

``SOGS,'' he says, ``is probably the last example of the old system.''
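The "combinatoric explosion" and the "road map" remedy described in the article can be made concrete with a small scheduler. The following is an added illustration, not code from the Science article, the Space Telescope Science Institute, TRW or NASA; the four observations, their durations and their visibility windows are constructed for the example. It contrasts an exhaustive scheduler that tries every ordering (n! orderings, the approach the article says SOGS tacitly relied on) with a greedy scheduler that uses the visibility windows as its road map and runs in polynomial time, at the cost of not always finding the best plan.

```python
"""Added example (not from the article or the projects it describes): why
minute-by-minute enumeration explodes, and how constraint windows act as a
road map.  All observation data below is constructed for the example."""
from itertools import permutations
from math import factorial

# Constructed sample: each observation has a duration in minutes and a list
# of (start, end) windows, in minutes from t=0, during which its target is
# visible.  The whole observation must fit inside a single window.
OBSERVATIONS = {
    "A": {"duration": 30, "windows": [(0, 60), (180, 240)]},
    "B": {"duration": 45, "windows": [(20, 120)]},
    "C": {"duration": 20, "windows": [(90, 150), (200, 260)]},
    "D": {"duration": 60, "windows": [(0, 300)]},
}


def brute_force_orderings(n):
    """Number of orderings an exhaustive scheduler must examine for n observations."""
    return factorial(n)


def earliest_fit(obs, t):
    """Earliest start >= t at which obs fits entirely inside one of its windows,
    or None if no window can still hold it."""
    d = obs["duration"]
    for lo, hi in sorted(obs["windows"]):
        start = max(lo, t)
        if start + d <= hi:
            return start
    return None


def schedule_with_roadmap(observations):
    """Greedy list scheduler guided by the windows: repeatedly pick the pending
    observation that can start soonest, advance the clock, repeat.
    Cost is O(n^2 * windows) instead of n!.  Returns (plan, unscheduled)."""
    pending = dict(observations)
    t = 0
    plan = []
    while pending:
        best = None
        for name, obs in pending.items():
            s = earliest_fit(obs, t)
            if s is not None and (best is None or s < best[1]):
                best = (name, s)
        if best is None:
            break  # nothing left fits into any remaining window
        name, s = best
        end = s + pending[name]["duration"]
        plan.append((name, s, end))
        t = end
        del pending[name]
    return plan, sorted(pending)


def schedule_exhaustive(observations):
    """Try every ordering and keep the plan that schedules the most observations
    and, among those, finishes earliest.  Optimal, but the loop body runs n! times."""
    best = None
    for order in permutations(observations):
        t = 0
        plan = []
        for name in order:
            s = earliest_fit(observations[name], t)
            if s is None:
                continue  # this ordering cannot place the observation; skip it
            end = s + observations[name]["duration"]
            plan.append((name, s, end))
            t = end
        key = (len(plan), -t)  # more observations first, then earlier finish
        if best is None or key > best[0]:
            best = (key, plan)
    return best[1]


if __name__ == "__main__":
    for n in (4, 10, 20):
        print(f"{n} observations -> {brute_force_orderings(n)} orderings to enumerate")
    print("greedy (road map):", schedule_with_roadmap(OBSERVATIONS))
    print("exhaustive:       ", schedule_exhaustive(OBSERVATIONS))
```

On the constructed data the greedy pass places all four observations but finishes at minute 220, while the exhaustive search finds a plan finishing at minute 170; for four observations the exhaustive search examines 24 orderings, for twenty it would examine roughly 2.4 x 10^18, which is the growth the article is describing.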

------------------------------

Date: Wed, 29 Mar 89 11:03:08 BST
From: [email protected]
Subject: The Airbus disaster and Ada

This is a question for RISKS.  I found this on the network.  Can any
RISKS-readers answer it?

 From: [email protected] (Bob Burch)
 Newsgroups: comp.misc,comp.lang.ada
 Subject: French Airbus Disaster / Ada?
 Date: 27 Mar 89 12:37:11 GMT
 Organization: IMS, Rockville, MD

 I am hearing a couple of versions of the role which the Ada programming
 language might or might not have played in the Airbus disaster at the
 Paris Air Show about a year or so ago.  I would appreciate hearing from
 anyone who actually knows anything about this topic.

 Ted Holden, HTE

------------------------------

Date: Wed, 29 Mar 89 08:08:18 pst
From: Douglas Schuler <[email protected]>
Subject: DIAC-90

                             Call for Papers
            DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING
             DIAC-90   Boston, Massachusetts   July 28, 1990

Computer  technology  significantly  affects  most  segments  of   society,
including   education,  business,  medicine,  and  the  military.   Current
computer technology and technologies that seem likely to emerge  soon  will
exert  strong  influences on our lives, in areas ranging from work to civil
liberties.  The DIAC symposium considers these influences in a broad social
context  -  ethical,  economic, political - as well as a technical context.
We seek to address directly the relationship between technology and policy.
We  solicit  papers  that  address  the  wide  range  of  questions  at the
intersection of technology and society.

Within this broad vision, we request  papers  that  address  the  following
suggested  topics.   Other  topics may be addressed if they are relevant to
the general focus.

RESEARCH DIRECTIONS                    DEFENSE APPLICATIONS

 + Research Funding Sources/Effects     + AI and the Conduct of War
 + Software Development Methodologies   + Autonomous Weapons Systems

COMPUTING IN A DEMOCRATIC SOCIETY      COMPUTERS IN THE PUBLIC INTEREST

 + Community Access                     + Computing for the Disabled
 + Computerized Voting                  + Uses of Models and Simulations
 + Civil Liberties                      + Arbitration and Conflict Resolution
 + Computing and the Law                + Computing in Education
 + Computing and Workplace              + Software Safety

Submissions  will be read by members of the  program  committee,  with  the
assistance  of  outside  referees.   The program  committee  includes  Alan
Borning   (U. WA),  Christiane  Floyd  (Technical  University  of  Berlin),
Jonathan Jacky  (U. WA),  Deborah Johnson  (Rensselaer  Polytechnic),  Eric
Roberts (DEC),  Richard Rosenberg (SIGCAS, U of  British  Columbia),  Ronni
Rosenberg  (MIT),  Marc Rotenberg (CPSR),  Douglas Schuler (Boeing Computer
Services), Lucy Suchman (Xerox PARC), and Terry  Winograd (Stanford).

Complete papers should include an  abstract  and  should  not  exceed  6000
words.   Papers  on ethics and values are especially desirable.  Reports on
work in progress or  suggested  directions  for  future  work  as  well  as
appropriate surveys and applications, will also be considered.  Submissions
will be judged on clarity, insight, significance, and originality.   Papers
(4  copies)  are  due by March 1, 1990.  Notices of acceptance or rejection
will be mailed by April 15, 1990. Camera ready copy is due by June 1, 1990.
Send  papers  to  Douglas Schuler, Boeing Computer Services, MS 7L-64, P.O.
24346, Seattle, WA  98124-0346.  For more information contact Doug  Schuler
(206-865-3226).

Proceedings will be distributed at the symposium,  and  will  be  available
during  the  1990 AAAI conference.  The DIAC-87 and DIAC-88 proceedings are
published by Ablex Publishing Company.  Publishing the DIAC-90  proceedings
is planned.

      Sponsored by Computer Professionals for Social Responsibility
           P.O. Box 717,                Palo Alto, CA  94301

DIAC-90 is partially supported by the  National  Science  Foundation  under
Grant No. 8811437, through the Ethics and Values Studies Office.

------------------------------

End of RISKS-FORUM Digest 8.46
************************