The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 1 Issue 18

Friday, 4 Oct 1985


o Lack of a backup computer closes stock exchange
Marty Moore
o DPMA survey on computer crime offenses
J.A.N. Lee
o Ethics vs. morality
Marty Cohen
o The Mythical Man-Month of Risk
Stavros Macrakis
o Risk Assessment by real people
Mike McLaughlin
o CRTs again, solution to one eye-problem
Mike McLaughlin
o Failure of Mexican Networks
Dave Flory
o Technical Reports Lists
Laurence Leff

Lack of a backup computer closes stock exchange

Mon, 30 Sep 85 11:44:49 CDT

When Hurricane Gloria was approaching the New York area, the New York and 
American Stock Exchanges did not open.  The Midwest Exchange, located in
Chicago, opened on schedule; unfortunately, it had to close 40 minutes later,
when its nationwide computer system failed.  Where is the central computer
of that system located?  New York, of course.  The Director of the Exchange
was quoted as saying, "Well, this has got to change."

DPMA survey on computer crime offenses

Jan Lee <janlee%vpi.csnet@CSNET-RELAY.ARPA>
Wed, 2 Oct 85 15:39 EST
Peter ... here are the proper figures on Computer Crime Offenses as reported
by the DPMA from a survey taken by COMP-U-FAX (TM) and reported 1985 May 27:

(It doesn't say how many people were surveyed -- just that DPMA is an
organization of 50,000 members.)

21% reported one or more abuses in past 3 years in their workplace.  2% of
these offenses were committed by outsiders (so much for the Hacker myth!!).
The reasons for the abuses were:

  27% ignorance of proper professional conduct
  26% playfulness
  25% personal gain
  22% maliciousness

Only 45% of respondents worked for a company that had a full-time
or part-time data security person.

Only 2.2% of abuses were reported publicly (does that mean
reported to the news media or the legal authorities?).

The surveyor was Detmar Straub, Grad. School of Business Admin.,
Indiana University.

(In a note I got from Donn Parker, Donn seems to cast some aspersions
on the validity of this survey, but I haven't had a chance to do anything
other than read the press release myself.)


Ethics vs. morality

Marty Cohen <mcohen%NRTC@USC-ECL.ARPA>
Fri, 27 Sep 85 13:18:47 PDT
  "Morals: Society's code for individual survival"
  "Ethics: An individual's code for society's survival"

From Theodore Sturgeon, "More Than Human" ("Baby is Three" is one 
part of the book), page 177 of the Ballantine Books paperback.

The Mythical Man-Month of Risk

Stavros Macrakis <macrakis@harvard.ARPA>
Thu, 3 Oct 85 19:14:56 EDT
In reference to the discussion on the Wilson article:
   > ... formula that measures risks [as] ... seconds of life lost ...

In discussing risks, whether from computer systems or other causes, it
would surely be desirable to have some reasonable guidelines.
Wilson's basic point was that we should be able to calculate costs and
benefits; a point with which I am in fundamental agreement.  However,
this calculation has many difficulties.  In this note, I should like
to sketch (in a somewhat disorganized way) some of these difficulties.

It is often useful to reduce complicated facts to simple unidimensional
measures for comparison.  But such reduction loses a great deal of
information in general; and also ignores variation in personal utility
functions.  For that matter, statistical measures should differentiate
between associations and causation.

Among the figures cited, there were several misleading measures along
these lines.

For instance, although perhaps cigarette smokers ought to allocate 12
minutes of their lives per cigarette, a lung cancer death is typically far
harder than an automobile accident death.  On the other hand, car accidents
subtract years by killing fewer, younger, people; cancer by killing more,
but older, people.  How to compare 5 x (lifespan 25-70) with 25 x (lifespan
63-70)?  Is each 175 man-years?  I have no answer, although I have certain
intuitions--in particular, `losing' the 69 man-years 1-70 seems far less
tragic than losing the 69 man-years 3 x (47-70) (`struck down in the prime
of life'): but the Wilson extract did explicitly talk only of 25+-year-olds.
Economics has various answers: discounted productivity contribution; market
value attached to hazardous jobs; ....  None is satisfactory, but all are
useful for separating grossly different risks.

As for correlations, why is it that living in New York is hazardous?
Perhaps it is the pollution.  But if it is the poverty or the street crime,
then poverty or bad neighborhoods (regardless of city) probably relate far
better statistically and surely causally than does residence.  New York just
has many poor people and bad neighborhoods.  A statistical analysis that
excludes such correlated hazards is surely non-trivial.

`Post hoc ergo propter hoc' seems especially implicated in the case of
unmarried males.  There are likely advantages to being married, but
perhaps inability to find or keep a wife indicates other problems.

Then there is the presumption of linear additivity.  Even the risks which
are not strongly correlated may combine: consider asbestosis and smoking.

Of course, in other cases the unidimensional metrics may be far more useful.
In the case of the costs of unreliable funds transfer, the cost to the bank
can be calculated quite precisely.  In cases where these errors affect
customers, it may also be reasonable to estimate that damage (e.g., you may
lose $100 of annual profits per error of type X if a retail customer takes
his business elsewhere).  If you're a materials supplier to a just-in-time
manufacturer, the monetary consequences may be far more serious: still, a
monetary measure may be meaningful.

In conclusion, it seems to me useful to develop a range of measures of cost
and benefit, and not try to reduce them to single numbers.  If one wishes to
be ultra-cautious, one will then weigh the minimum expected benefit against
the maximum expected cost.  If one is a `rational' gambler, perhaps the
average benefit against average cost.  If one is an optimist or a gambler,
perhaps the maximum benefit against the minimum cost.  I believe Howard
Raiffa (among others) discusses such issues (although I'm afraid I can't
provide a reference).

Risk-free systems are unlikely.  We need good ways of evaluating risks
and benefits.


Risk Assessment by real people

Mike McLaughlin <mikemcl@nrl-csr>
Sat, 28 Sep 85 16:05:48 edt

Ellen Goodman's column in The Washington Post, Saturday, 28 Sep 85, (c) 1985,
The Boston Globe Newspaper Company, is worth reading.  Title is: "AIDS: The 
Risks We'll Take."  No, it doesn't mention computers.  It really isn't much 
about AIDS, either.  

What it is about is people, and how risks are assessed by real people - not
by computers, or calculators, but by the folks that would die of boredom
reading this forum... or might die of something else if *we* do not
understand how *they* evaluate risks.

"In California, members of a family cut back on sugar in the decaffeinated 
coffee they drink in their house - on the San Andreas fault."  

"Another friend drinks only bottled water these days, eats only meat
untouched by steroids and spends weekends hang-gliding."

"The AIDS story... is a tale about experts and the public, about the gap 
between our skepticism and our longing for certainty."  

Ms. Goodman also quotes an article in October's Science '85: "We may be much 
more willing to accept higher risks in activities over which we have control, 
such as smoking, drinking, driving or skiing, than things over which we have 
little control, such as industrial pollution, food additives and commercial 

Her summation is very relevant to *us*, who read and write about SDI, the use 
and non-use of computers, and so on: "This is, after all, a country that bans 
saccharin and builds nuclear bombs.  We argue and will go on arguing about 
risk in two different languages: numbers and emotions, odds and anxieties." 

If *we* cannot make ourselves understood by *them* when we discuss what 
matters for the survival of *all of us*, then this forum is just a
modern form of omphaloskepsis.  

- Mike 

CRTs again, solution to one eye-problem

Mike McLaughlin <mikemcl@nrl-csr>
Sat, 28 Sep 85 16:25:57 edt
CRTs can cause eye strain in users who wear glasses.  Distance lenses won't 
focus at closer than arm's length.  Reading lenses focus too close.  Bifocals 
require you to hold your head in one of two specific positions... neither of 
which works.  What to do?  

I already done it.  Several years ago.  So much a part of my computerized 
life that I didn't think of it while reading/writing via computer about CRT
usage.  Got "intermediate lenses" - an Rx for glasses optimized for my CRT/
VDT viewing habits.  Got comfy in front of the tube & keyboard, had a friend 
measure distance from bridge of nose to CRT screen.  Averaged several tries. 
Gave the distance to my ophthalmologist - he turned out an Rx in short order.  

Bought frame & lenses.  Expensive.  Use them *only* at office computer - don't 
take them home (don't have a computer at home).  Declared them as a non-
reimbursed business expense.  IRS content, helped reduce cost.  

Did NOT get tri-focals, because: 
  1.  They force you into an even more rigid head position - and I believe 
that rigid posture is a major cause of computer-fatigue.  
  2.  They confused the IRS issue, which was quite clear with intermediate-
only glasses.  
  3.  I'm not old enough to wear TRI-focals, for heaven's sake!  

  Employers requiring use of CRT should consider paying for intermediates; 
should resist paying for trifocals (or even the incremental cost of tri- over 
  An acceptable alternative might be bifocals, distance/intermediate or
intermediate/reading, depending upon the user's eye condition and job content.  

    - Mike 

Failure of Mexican Networks

Wed 2 Oct 85 13:43:03-EDT

This doesn't refer to computer networks, but it is similar.

According to Fred Goldstein on Telecom Digest (Telecom-Request@MIT-MC.ARPA),
phone service from most of the world to Mexico City was destroyed by the
collapse of the building containing the switches, frames, etc. for Mexico
City's international gateway switch.

Sites which are major network nodes collapsing due to earthquake/etc could
result in a similar effect.

David Flory

BITNET ----> z.hxwy-f@CRNL20A.BITNET

    [Good engineering tends to avoid sensitivity to single-point failures 
     and to avoid singly connected nodes.  Designing for massive failures
     and disasters is of course much more difficult.  PGN]

Technical Reports Lists

Laurence Leff <leff%smu.csnet@CSNET-RELAY.ARPA>
Fri, 27 Sep 85 13:38:21 cdt
To:  [... all sorts of lists...]

   [Here is what could be a useful service if suitable indexing occurs.  I
    have stripped Laurence's message down.  SEND to him for the original.
    This is of course more general in scope than just RISKS, but seemed
    worth including. -- in case you missed it elsewhere.  Respond to him,
    not me.  PGN]

I have volunteered to organize an electronic mechanism for the distribution
of technical report lists from Universities and R&D labs.  Some (and
hopefully all) of the people producing technical reports would send a copy
of the list to me.  I would then send these to a moderated group on USENET
as well as a mailing list for those sites on the INTERNET who do not get
news (ARPANET, CSNET, etc.).

I need two things from you:
  1) if your organization prepares technical reports and sends them
      out to interested parties (perhaps for a fee), please arrange
      to have electronically readable copy of your lists sent
      to trlist%smu@csnet-relay.  
  2) if people at your organization would like to receive lists
     of tech reports produced by universities and R&D labs, please
     provide me an electronic address to send them to (if you are not
     on USENET).  Send such administrative mail to trlist-request%smu@
