The RISKS Digest
Volume 10 Issue 16

Tuesday, 31st July 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

Etalfried Wedd's Loan Authorization
John W. McInroy
Pilots vs. automation
Henry Spencer
Widespread use of computer simulations as evidence in court
Jon Jacky
Oklahoma computer system foulup
Steve Bellovin
Big Brother getting bigger
Clifford Johnson
RISKS of Publicly-conducted Benchmark Demonstrations
Richard Busch
Citibank, ATM, electronic transactions
Melik Isbara
USAF ecm systems: software 2 years late
Martyn Thomas
A320 FADEC Software Diversity??
Pete Mellor
Hubble problems
Eugene N. Miya
Re: Pentagon Pizza
Henry Spencer
More on carpal tunnel syndrome/RSI
Blake Sobiloff
CTS info requested
Alan Wexelblat
Risk Management in the public sector (Request for info)
Mark A. Yedinak
Info on RISKS (comp.risks)

Etalfried Wedd's Loan Authorization [FROM John W. McInroy]

"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 28 Jul 1990 15:18:54 PDT
We have had tales of computer-perverted names before.  John W. McInroy
(Lockheed, Austin) sent me a very cute article by Mike Kelley that appeared in
the Austin American-Statesman (23 July 1990, p. A8) describing a computer
generated letter recently received by the Austin law firm of Friedman,
Weddington and Hansen.  Their local bank computer referred to the firm account
as "Friedman Wedd etal".  This of course led to a letter to Etalfried Wedd from
a financial services company, with a "Pre-Approved Loan Authorization" for $750
requiring only a signature, "because you have demonstrated that you maintain a
good credit record ..."

In a wonderful spoof that I will only summarize here, Mike Kelley wrote about
"Etalfried" answering indignantly that $750 "does not justify the time it takes
to sign my name", the finance company upping it to $5,000, another indignant
response, then an offer of a loan for $250,000.  The story ends with Etalfried
finally getting an unsecured cash loan of $3.4 billion and retiring to "elegant
and commodious surroundings on the sea in a small and remote South American
country. ... It is also reported that he takes particular delight in reading
over and again the account of how Tom Sawyer contrived to whitewash Aunt
Polly's fence."  Congratulations to Mike Kelley for spinning a fine yarn.


Pilots vs. automation

<henry@zoo.toronto.edu>
Wed, 18 Jul 90 22:13:44 EDT
The 30 May issue of Flight International notes an interesting FAA decision.
The latest wonderful innovation for airliners is TCAS, the Traffic alert
and Collision Avoidance System, which uses transponder returns from other
aircraft to report significant collision hazards and advise the pilots
on evasive action.  The first TCAS systems are now in airline testing.

The decision says "...enforcement action will not be initiated against
flightcrews who deviate from an assigned clearance issued by air traffic
control when that deviation is in response to a TCAS-generated resolution
advisory and the response is in accordance with the air carrier's approved
flight procedures".  (A "resolution advisory" is, roughly speaking, a
report of imminent danger; TCAS can also issue "traffic advisories",
milder warnings of potential trouble, not mentioned in the FAA ruling.)

The airlines and the pilots' union are satisfied with this for now, but
would like to see changes to the laws, rather than just a promise not to
enforce them, in the long run.

This brings to mind an interesting thought: who gets the blame if (when) a TCAS
warning *causes* a collision, through either electronic or human confusion?

      Henry Spencer at U of Toronto Zoology                utzoo!henry


Widespread use of computer simulations as evidence in court

Jon Jacky <ON@GAFFER.RAD.WASHINGTON.EDU>
Tue, 24 Jul 1990 21:57:16 PDT
Here are excerpts from THE SEATTLE TIMES, July 23 1990 p. E3:

COMPUTER ANIMATION AIDING LAWYER'S CASES (from the ORLANDO SENTINEL)

ORLANDO, Fla. --- The truck driver claimed he couldn't avoid hitting and
severely injuring the 9-year-old riding a bike.  But a one-minute computer
simulation depicting the 1986 accident near St. Cloud, Fla., showed that
the driver had enough time to miss the rider.  The truck driver's insurance
company settled the lawsuit in 1988 for $2.1 million. ...

Whether in depicting auto accidents, plane crashes, industrial accidents or
other events, computer animation is fast developing into a powerful legal
tool that helps lawyers win cases.

The technology is used primarily by personal injury lawyers who are trying to
win big-dollar awards for their clients.

F. Lee Bailey, one of the nation's top trial lawyers, told a group of lawyers
at a recent Florida Bar annual meeting in Miami Beach that computer animation
is becoming as important as courtroom rhetoric in winning cases.

"There are untold opportunities for the use of animation in the courtroom,"
said Bob Scott, head of Juris Corp., an Orlando company that produces courtroom
exhibits and recently began offering computer animation.  "I believe in five
years it will be the predominate methodology in showing demonstrative
evidence," Scott said.

[ There is at least one firm in Seattle that specializes in creating computer
animations of accidents for use in court.  - JJ ]

Jonathan Jacky, University of Washington, Seattle jon@gaffer.rad.washington.edu


Oklahoma computer system foulup

<smb@ulysses.att.com>
Mon, 23 Jul 90 23:17:12 EDT
In Oklahoma, about 18,000 state employees were paid late — very late --
because of the cutover to a new computer system.  As of today — 12 days
after they should have been paid — only half of them had received their
checks.  The state was forced to use an older computer system to write
the checks; additionally, since the news story indicates that they had
to draw on a special reserve fund, it would seem that the entire disbursement
system, and not just the payroll system, is involved.

The problem — the new code apparently runs too slowly, and input tapes are in
the wrong format.
                                    --Steve Bellovin


Big Brother getting bigger

"Clifford Johnson" <A.CJJ@Forsythe.Stanford.EDU>
Thu, 12 Jul 90 13:54:59 PDT
Excerpted from Gov't Computer News, July 9, p.8:

JUSTICE PROCEEDS TO CREATE ITS DRUG INTELLIGENCE CENTER

The Justice Department plans to spend $5 million developing systems for its new
National Drug Intelligence Center ...  [and] about $55 million to establish
the center ... they expect annual operating costs to be about $27 million.
The Justice plan calls for NDIC to become totally operational in 1992 ...

Members of Congress and groups such as Computer Professionals for Social
Responsibility and the ACLU have voiced concerns ... they have questioned
whether the center might violate privacy laws by using electronic information
and linking numerous federal databases into a national database.  Thornburgh
attempted to quell these fears saying "It's not 'Big Brother'" ... other
agencies involved include the Customs Service, the Coast Guard, the
Immigration and Naturalization Service and the FBI.  The Defense Department
also has assumed increasing responsibility.

An example of the latter is a similarly expensive facility for the Navy, which
will integrate data from various radars, besides listening in on telephone
calls and so forth.


RISKS of Publicly-conducted Benchmark Demonstrations

<"Richard_Busch.SD"@Xerox.COM>
13 Jul 90 14:44:41 PDT (Friday)
From a recent issue of "Computing," the weekly newspaper of the British
Computing Society:

  "When it comes to choosing a speedy communications channel in today's
  technology market-place nothing beats a pigeon.  Fax company Faxit Europe
  discovered this to its embarrassment, after pitching one of its high-tech fax
  machines against Joe, a four-year-old Blue Chequer pigeon.

  "The company wanted to show at the launch of its new public pay-fax credit
  card system that fax is quicker than flight. But they hadn't bargained with
  Joe, a winner of two open races.  Joe beat the fax in a one mile challenge
  race, arriving more than a minute before the caricature drawing of him
  emerged from the machine.

  "Executives at Faxit Europe were left perhaps not so much with egg on their
  faces, but with [...] on their collective shoulders."

                                                  [Like pigeon pennies?  PGN]


Citibank, ATM, electronic transactions

Melik Isbara <isbara@cs.columbia.edu>
Fri, 13 Jul 90 02:00:53 GMT
I am posting this article to inform the netters about a problem with Citibank
ATM machines and to ask for any information and suggestions.  Please bear with
me.

When I received my last bank statement, I noticed three transactions in
which $900 was withdrawn from my accounts at a Citibank ATM machine
at a downtown NYC branch which I have never used.  ($900 was withdrawn in
three transactions.)

FACTS:
    1.  I did not do those transactions.
    2.  When they took place I was at work out of NYC.
    3.  I did not lose my bankcard or give it to anyone.
    4.  I did not write down my password or tell it to anyone.

After I received my statement I went to my branch and talked to a customer
representative.  After a couple of days I got two letters from Citibank saying
that results of their investigation (which consists only of looking at the ATM
machine records for those specific transactions) showed that for those
transactions my bankcard and my password were used therefore they could not
honor my claim.

Now my guess is that this is most probably a software problem because last
weekend I went to the branch where money was withdrawn and there was a sign
on the door saying that the ATM machines there were out of order. I also
learned that they have been out of order for about a week.

I am going to take legal action against Citibank, therefore
I would like to know if anybody is aware of a similar situation or if anyone
has any ideas on how this might have happened.  I would appreciate any
information and suggestions that can help me to fight Citibank to recover my
money and to explain how this event might have happened.

Please e-mail to    mii@briar.philips.com  or  isbara@cs.columbia.edu
Thanks in advance.

Melik Isbara, Columbia University, Dept. of Electrical Eng.

Disclaimer: My employer is not responsible for the content of the article
posted above.


USAF ECM systems: software 2 years late

Martyn Thomas <mct@praxis.co.uk>
Tue, 31 Jul 90 14:37:43 BST
According to Flight International (25-31 July 1990, p13), the US General
Accounting Office has discovered that the Westinghouse electronic
countermeasures (ALQ-131 jammer) on F16s and F111s in Europe are inoperative
because "no suitable software had been supplied" for the "Loral
receiver-processor", two years after delivery.

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:   mct@praxis.co.uk


A320 FADEC Software Diversity??

Pete Mellor <pm@cs.city.ac.uk>
Fri, 22 Jun 90 22:36:18 PDT
The Electronic Flight Control System (EFCS) is not the only flight-critical
software controlled system on the A320. The Full Authority Digital Engine
Control (FADEC) is another.

Single points of failure of hardware can be eliminated from system design by
using redundant components or hardware subsystems. To achieve a similar
design aim where software is concerned requires diversity. The EFCS in fact
incorporates both software diversity, hardware design diversity, and hardware
redundancy. See, for example:

Traverse P.J.: "Dependability of Digital Computers on board Airplanes"
          Preprints of 'Dependable Computing for Critical Applications',
          IFIP WG 10.4 Intl. Working Conference, Santa Barbara, CA, Aug.1989,
          pp 53-60

I have recently received copies of:

Cosimo J. Bosco: "Certification Issues for Electrical and/or Electronic
                  Engine Controls."
                  SAE Technical Paper Series #871844, 1987
       Keywords:  EEC electronic engine controls FADEC certification issues

and:

Federal Register Vol. 54, No. 17, Jan.27, 1989, Docket No. NM-26:
  "Special Conditions: Airbus Industrie Model A320 Series Airplane."
  (Final special conditions for certification)

Bosco states (p. 20) that "The all electronic FADEC is usually a completely
redundant, dual-channel, primary/secondary type of system. Current systems
have successfully employed *ESSENTIALLY THE SAME SOFTWARE* in each of the
redundant channels." [my emphasis]

Now, if the same software is loaded into redundant hardware processors, any bug
is a potential source of single-point failure of the system as a whole. Bosco
in fact goes on to discuss this very point.

The final special conditions in docket NM-26 do not require diversity as such,
only that "...the components of the propulsion control system...must have the
level of integrity and reliability of a hydromechanical system (HMC) meeting
current airworthiness standards".

In the discussion printed below this statement of the requirement, it is stated
that in practice this "...is demonstrated by an inservice loss of thrust
control approximately once per 100,000 hours of operation...This level of
reliability for the loss of thrust control on one engine will result in an
overall airplane propulsion control system reliability that is consistent with
the guidance [presumably 10^-9 probability of failure as in AC 25.1309-1]
associated with 25.1309(b)(1), *ASSUMING AN INDEPENDENCE OF THE FAILURE
CONDITIONS THAT CONTRIBUTE TO THE LOSS OF THRUST CONTROL*."[my emphasis again]

The question that I ask is therefore: "Does the FADEC as *actually*
certified on the A320 employ diverse software in the different channels?".

My suspicion is that the FADEC does not incorporate dissimilar software, and
that its software can therefore be a source of common mode failure for the
whole propulsion control system. This would seem to contradict the special
condition referred to above. At the same time, the FAA seems to be very well
aware of the common mode failure potential of software.

Even if the same two dissimilar programs are present in both FADECs, it is
possible for a bug in one homologue to be a common point of failure between
the two engines.

FADECs are relatively mature devices. Does anyone out there have any hard
information, particularly references to published papers?

Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB   Tel.: +44 (0)71-253-4399 Ext. 4162/3/1
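
The arithmetic behind the independence assumption Mellor highlights, as an added
example that is not part of his post: the once-per-100,000-hours per-engine
figure and the 10^-9 budget are the ones quoted above, while the beta-factor
common-cause model and the values of beta tried below are assumptions introduced
here to show how little shared (software) failure cause the budget can tolerate.

```python
import math

# Figures quoted in the post: in-service loss of thrust control on one engine
# "approximately once per 100,000 hours", and the 10^-9 per-hour guidance.
PER_ENGINE_RATE = 1.0e-5      # failures per engine-hour
TARGET_PER_HOUR = 1.0e-9      # catastrophic-event budget (AC 25.1309-1 figure)


def p_fail(rate, hours):
    """Probability that a unit with constant failure rate `rate` fails within
    `hours` (exponential model, 1 - e^(-rate*hours))."""
    return 1.0 - math.exp(-rate * hours)


def p_both_independent(rate, hours):
    """Loss of thrust control on both engines in the same exposure window,
    under the independence assumption the special condition relies on."""
    return p_fail(rate, hours) ** 2


def p_both_beta_factor(rate, hours, beta):
    """Beta-factor common-cause model (an assumption here, not from the post):
    a fraction `beta` of each engine's failure rate is a shared cause that
    fails both channels/engines together (e.g. the same bug in identical FADEC
    software); the remaining (1 - beta) fails independently."""
    p_common = p_fail(beta * rate, hours)
    p_indep_both = p_fail((1.0 - beta) * rate, hours) ** 2
    # Both fail if the common cause strikes, or if it does not and both
    # independent failures happen anyway.
    return p_common + (1.0 - p_common) * p_indep_both


def max_beta_for_target(rate, hours, target):
    """Largest common-cause fraction for which the common-cause term alone
    stays within `target`.  Since p_both_beta_factor >= p_common, this is an
    upper bound on the beta an independence-based budget can tolerate."""
    return -math.log1p(-target) / (rate * hours)


def budget_table(rate=PER_ENGINE_RATE, hours=1.0,
                 betas=(0.0, 1e-5, 1e-4, 1e-3, 1e-2)):
    """Return [(beta, p_both, within_budget)] for each assumed beta."""
    rows = []
    for beta in betas:
        p = p_both_beta_factor(rate, hours, beta)
        rows.append((beta, p, p <= TARGET_PER_HOUR))
    return rows


if __name__ == "__main__":
    print(f"independent dual-engine loss per hour: "
          f"{p_both_independent(PER_ENGINE_RATE, 1.0):.3e}")
    for beta, p, ok in budget_table():
        status = "within" if ok else "EXCEEDS"
        print(f"beta={beta:<8g} p_both={p:.3e}  {status} 1e-9 budget")
    print(f"beta must stay below "
          f"{max_beta_for_target(PER_ENGINE_RATE, 1.0, TARGET_PER_HOUR):.2e}")
```

With the 1e-5 per-engine rate, two independent engines give about 1e-10 per
hour, comfortably inside 1e-9.  If as little as one part in 10,000 of each
engine's loss-of-thrust-control rate is a cause common to both, such as the same
bug in identical software, the common term alone consumes the whole budget, and
at beta = 1% it is exceeded a hundredfold.  That is why the question of whether
the channels run dissimilar software matters to the certification argument.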


Hubble problems

Eugene N. Miya <eugene@wilbur.nas.nasa.gov>
Sun, 1 Jul 90 17:29:26 -0700
"Ain't hindsight wonderful?"

First off, any large complex project is bound to have problems.  I'm not saying
that I support my employer or defend the HST.  Consider for instance that other
institutions are also bound to have used some of the same types of components
in their systems: Perkin-Elmer (and its subsidiary), Lockheed, etc. are all
going to feel this (in one investigation in which JPL was involved, LMSC was also
blasted by Congress).  P-E is making mirrors and instruments for other
projects, I would worry about Keck for instance.

Second, every project is a set of compromises.  I have seen other criticisms
of HST in the science press before launch and also had my own criticisms of
GSFC.  Those of "us" who have been on "losing teams" aren't off saying "I told
you so."  But in finger pointing, it does not help to keep wheat and chaff
together.  The less noise when trying to locate problems, the better.

Lastly, it is important to note this isn't bad just for NASA but bad for big
science and science projects in general.  I worry about the "climate" for any
research in this country, because research tends to fail 90% of the time (if
you really need a reference for this I have it).  The next time, it might not
be a satellite telescope, but maybe a particle accelerator, a computer project,
or who knows.  Are we too involved in finger-pointing and not enough
involved to 1) help fix, 2) stay out of the way of those trying to fix (keeping
quiet unless we have significant info)?  Are we contributing to the demise of
any research funding (DARPA, NSF, NASA, DOE as well as private) at all?

e. nobuo miya, NASA Ames Research Center, eugene@orville.nas.nasa.gov
  {uunet,mailrus,other gateways}!ames!eugene


Re: Pentagon Pizza

<henry@zoo.toronto.edu>
Mon, 30 Jul 90 12:28:23 EDT
>interviewed someone from Domino's and he said that prior to the Panama invasion
>deliveries to the Pentagon jumped 25%.  ...

This sort of thing is not new.  During WW2, John Campbell — editor of
Astounding Science Fiction and essentially the founder of modern SF --
apparently had a wall map with colored pins showing the distribution of A.S.F.
sales.  He found it interesting that A.S.F. sold many copies in obscure places
like Oak Ridge and Los Alamos, where there wasn't supposed to be anything
noteworthy going on...
                       Henry Spencer at U of Toronto Zoology       utzoo!henry


CTS info requested

<wex@pws.bull.com>
Wed, 18 Jul 90 12:30:43 edt
Recently, several informative articles on Carpal Tunnel Syndrome (CTS)
appeared in RISKS.  I would like to correspond with any RISKS readers who
have first-hand experience with the condition and its treatment.

Please write or call me.

--Alan Wexelblat
Bull Worldwide Information Systems  internet: wex@pws.bull.com
phone: (508) 294-7485 (new #)       Usenet: spdcc.com!know!wex


More on carpal tunnel syndrome/RSI

Chrome Cboy <sobiloff@agnes.acc.stolaf.edu>
Thu, 12 Jul 90 09:19:38 CDT
>Date: Thu, 28 Jun 90 14:11:52 EDT
>From: henry@zoo.toronto.edu
>Subject: Re: info on carpal tunnel syndrome (CTS)

Henry Spencer asks:
>What was the incidence of CTS twenty years ago, when electric typewriters
>routinely had non-linear force-depression curves?  Or before that, when
>manual typewriters required far more finger pressure than any modern
>keyboard?  Yet again, we have here a case of a "computer risk" that isn't
>really new, and data from olden days could be very useful in deciding what
>*really* causes it.

Unfortunately I don't know of any data that is available concerning RSI in
typists before the introduction of computers to the work environment. However,
what Henry is overlooking is how a typist's job has changed with the advent
of computers. Instead of having to pause every page to change the paper, and
in some cases at the end of every line to return the carriage, now a person
can sit at a computer uninterrupted for hours on end. This greatly increases
the amount of stress on the carpal tunnel because there is very little
variance in movement any more.

I agree that it would be nice if there were data from the "olden days" that
details typists, but all the data I am aware of (which isn't much) deals with
RSI in factory workers. I wish I could interpret this as meaning that RSI was
not prominent enough to garner any attention, but that would be overextending
the data (or lack thereof).

Also, RISKS readers might want to familiarize themselves (if they aren't
already) with the RSI problems in Australia. This is a very interesting
situation where the incidence of RSI is very high, but there is some data that
suggests that the explosion of RSI cases may have more to do with
unsatisfactory work conditions (pay, not posture) and the health-care system's
treatment of RSI than with actual physical problems. I'm afraid I don't have
any references handy, but I could provide them in short order if anyone wishes
to pursue this further.
                Blake Sobiloff, St. Olaf College


Risk Management in the public sector (Request for info)

Mark A. Yedinak <yedinak@motcid.UUCP>
17 Jul 90 14:26:12 GMT
I am posting this for my father, who is looking for text on the subject of Risk
Management within the public sector. He is interested in automating a materials
handling system and would like information on the risks associated with
automation of similar systems. He would also be interested in any other
significant articles relating to risk within the material control and financial
management areas. Email can be sent to me directly at the below
address or to him via US Mail or fax at:

    Mike Yedinak,   Chicago Transit Authority
    Merchandise Mart Plaza  Room 725
    Chicago, IL 60654                            Fax: 312-763-6369

Thanks for the assistance.

Mark A. Yedinak, Motorola - General Systems Sector, 3205 Wilke Road,
Arlington Heights, IL 60004   708-632-2874        - uunet!motcid!yedinak
