Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 11: Issue 69
Saturday 18 May 1991
Contents
42 die in Japanese train crash under manual standby operation- PGN
- Electronic Ballot Voted Out in World's Largest Democracy (India)
- Les Earnest
- Central postal/banking computer failure in Japan
- anonymous
- Of Two Minds About Privacy???
- Mary Culnan
- The Death of Privacy?
- Jerry Leichter
- Re: Horible Speling
- Les Earnest
Brinton Cooper - (Bogus) IBM red switch
- Mark Seecof
- Emergency off switch - IBM 1620
- Stuart I Feldman
- IBM Emergency pull switches
- Gene Spafford
- Re: Four-digit address causes NYC death
- Scott Barman
- Re: Transactional Records Acess Clearinghouse
- Larry Hunter
- Info on RISKS (comp.risks)
42 die in Japanese train crash under manual standby operation
"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 18 May 91 14:05:47 PDT
Investigations of the head-on collision on 14 May 91 were apparently focusing on the railroad crews, who were supposedly using hand signals because of the malfunction of an automatic signalling system at a 100-foot long siding that had recently been installed especially for running trains from Kyoto to a world ceramic arts festival at Shigaraki, 215 miles south of Tokyo. 42 died, 415 were injured, 1.5 miles from the siding at which the trains were supposed to have passed. The train was carrying 2.5 times its normal capacity, "but packing trains is not illegal in Japan and is so common that big-city commuter lines assign workers to push the last few passengers through the doors at the daily rush hours." Source: John E. Woodruff, Baltimore Sun, datelined Tokyo, in the San Francisco Chronicle, 15 May 91. p.A7.
Electronic Ballot Voted Out in World's Largest Democracy
Les Earnest <LES@SAIL.Stanford.EDU>
16 May 91 1424 PDT
By SRINIVASA PRASAD, Associated Press Writer BANGALORE, India (AP) - India has had the electronic voting machine for 10 years. But when parliamentary elections are held next week, vote counters will again be tallying more than 300 million slips of paper - one by one. Use of the machine previously was snagged by legal barriers, opposition by politicians, doubts about the ability of rural Indian voters to use it and fears it could be rigged. Those hurdles were finally cleared, but the national Election Commission decided the nine-week run-up to the surprise elections was not sufficient to teach the 3 million polling officers how to use the gadget. About 150,000 voting machines will remain stashed in government stores. ``We have faith in the machines, but we can't take risks by using it before properly training the officers first,'' Chief Election Commissioner T.N. Seshan told reporters. There are no professional polling officials in India. School and college teachers and government clerks are hired as part-time election supervisors. The three days of voting spread over next week were called hastily after the minority government of Prime Minister Chandra Shekhar resigned abruptly on March 6 because of difficulties in governing. He will remain in office until replaced. Indian voters elect their candidates by using rubber stamps to mark ballots, which are printed with election symbols of political parties or independent candidates. Emblems instead of names are used because 75 percent of India's 515 million voters cannot read. The emblem of former Prime Minister Rajiv Gandhi's Congress Party is an open palm. The Janata Dal party of his successor, V.P. Singh, uses a wheel. Chandra Shekhar's Janata Dal-Socialist party has a farmer with a plough inside a wheel. The Bharatiya Janata, or Indian People's Party, is identified with a lotus. Among the hundreds of symbols used by other parties and independent candidates are a bicycle, rising sun, two leaves, string cot and tree. The electronic voting machine displays the symbols on a screen with a button next to each picture. The button is pressed to register a vote and it can be used only once until the polling officer releases the mechanism. ``It is precisely to minimize rigging that the Indian machines have several features that are not there in the ones used in developing countries,'' said L.S. Anant of the state-owned Bharat Electronics Ltd., which makes the machine. Many observers say voting machines would cut costs and get faster results. They say the threat of election rigging is no worse than the current system, which brings frequent charges of ballot-box stuffing. National elections are time consuming and costly in India, the world's second most populous nation and the world's largest democracy with 844 million people. The number of voters is more than twice the United States' population, although only 310 million to 370 million people usually cast votes. Because of the vastness of the country polling is normally spread over three days to allow security forces to be shifted to protect the 600,000 polling stations. The votes will be counted continuously after the first day of elections Monday and final results will be announced three days after the last day of polling, May 26.
Central postal/banking computer failure in Japan
<[anonymous]>
Thu, 16 May 91 09:12:39 xxx
Computer failure hits post office banking in 6 prefectures
Sendai, May 16 (Kyodo) - A large postal banking computer went down Thursday
at a computer center in Sendai, putting banking machines out of action for more
than three hours throughout Hokkaido and five prefectures in northern Honshu.
Computer technicians had the main computer, one of three at the ministry of
posts and telecommunications East Japan no. 2 computing center, back on line
shortly before noon but postal authorities could not say what had caused the
computer to fail. A total of 1,200 post offices throughout Hokkaido and the
northern prefectures were affected, with 1,300 automatic teller machines and
cash dispensers out of action. Another 3,000 transaction machines used by
counter clerks at 2,900 post offices were also inoperable.
According to postal bureau officials, the automatic teller operations can
be shifted to an auxiliary computer if one of the three main computers goes
down but this failed after thursday's breakdown. Counter clerks in the post
offices processed transactions by hand during the failure, the authorities
said. Until last week, postal banking services in the four northern regional
bureaus were handled by three computer centers in Sendai, Nagano, and Otaru in
Hokkaido. To improve efficiency, however, operations were concentrated at the
center in Sendai from May 6.
Of Two Minds About Privacy ??? (RISKS 11.68)
"Mary Culnan" <mculnan@guvax.georgetown.edu>
16 May 91 21:49:00 EDT
Unfortunately, I think our privacy rights have already BEEN undermined--
at least when it comes to credit information. There are three
ways in which the privacy of credit reports is/can be violated:
1) Because credit reports are online, it is relatively easy for
unauthorized people to pull your report (recall Jeff Rothfeder,
the Business Week reporter, who got access to Dan Quayle's credit
report thru a Super Bureau).
2) The big 3 credit bureaus will prescreen your credit report for unsolicited
(by you) offers of credit and/or sell mailing lists against a different
database consisting of summarized data from your credit report.
3) TRW and Equifax will also do list enhancement with the marketing database,
that is, match their database against a tape another firm sends in and add
information about you from their marketing databse to the tape that was sent in
(assuming you are on the tape that was sent in). For example, a bank wants to
learn more about its customers--it could have its customer file enhanced with
summarized credit data. At least one firm has the Equifax marketing database
running on its own mainframe.
The credit bureaus will let you opt out of the marketing applications by
writing to them. However, in the case where the database itself has gone to a
third party, it's hard to see how an individual can exert any control over this
information.
Much of this sadly reminds me of problems raised by the Lotus MarketPlace.
Further, this is all legal due to giant loopholes in the FCRA.
Mary Culnan
The Death of Privacy?
Jerry Leichter <leichter@lrw.com>
Fri, 17 May 91 00:17:42 EDT
In a recent RISKS, David States quotes a Scientific American article stating
that "privacy legislation has been nickeled and dimed to death" - but that most
Americans, according to an Equifax survey, don't seem to mind. He wonders
whether this is an opening salvo in further attempts to limit privacy.
I think there's something much deeper going on. The more I look around me,
the more I come to the conclusion that we, as a society, have almost lost the
very idea of privacy. Consider what would, 30 years ago, have been considered
"private" by most people. A list might include such things as financial
matters - particularly how much money they make/have, health records, family
relationships, sexual matters, personal opinions about other people. Today,
huge numbers of people have access to our financial and health information,
we're encouraged to be "open" about our feelings, sex is widely discussed
(note that 30 years ago, "privacy" about sex INCLUDED not having OTHER
people's sex live discussed in public), etc.
We can blame some of the changes, particularly about things like financial and
health records, on business or government. It's hard to see how we could have
medical insurance on today's scale without such records and their relatively
wide availability, and in trade for much wider availability of information on
our financial affairs we got credit cards and such things; so even here, the
story is complex. But much of the "baggage" of privacy we threw away with
great enthusiasm during the sexual revolution and the general "opening up" of
society in the late '60's. "Let it all hang loose" doesn't mesh well with
keeping things private. "Privacy" is closely connected to "shame," but most
of the things traditionally associated with "shame" no longer are either.
About the only things we are "supposed" to be ashamed of now are legal or
ethical violations.
These are deep-seated and profound changes in our social outlook. They
happen to coincide with the emergence of a technology that is able to pierce
the anonymity of "mass living". Residents of small communities have never
had very much privacy - everyone knew what everyone else was doing. (There
was often a tacit social agreement to look the other way, of course.) But
large cities were anonymous, and people could get lost in them. Increasingly,
they no longer can.
Computerized record-keeping systems have a long history of allowing access to
"unauthorized" personnel. When this happens, it should be brought to light and
repaired. However, it's important to realize how much of our loss of privacy
is intimately connected with the DESIRED operation of our systems. Of cases I
can think of from my own personal experience where I felt my own sense of
privacy to be violated, one of the most vivid involved having to discuss
details of medical treatment with a clerk for some insurance company. By the
very nature of the insurance, this clerk was authorized to determine whether I
was making a proper claim; but my gut reaction was "this is none of your damn
business, I talk to my doctor about that".
-- Jerry
Horible Speling (RISKS-11.66)
Les Earnest <les@dec-lite.stanford.edu>
Thu, 16 May 91 21:55:45 -0700
Unfortunately, I can't blame computers for my spelling lapses, having grown up before they were invented. In fact I invented the spelling checker in 1967 as a cover-up. I had created a list of the 10,000 most common English words on paper tape when I was at MIT for use by my program that read cursive writing. A year or so after I came to the Stanford Artificial Intelligence Lab, I got a graduate student to write a spelling checker using this word list. He did it in Lisp, which clanked a bit on the DEC PDP-6 that we were using. A few years later I got another student, Ralph Gorin, to write a faster and better machine language version for the SAIL computer, which by that time was a dual processor DEC-10/PDP-6 system. Freeware was the norm then -- no one even _thought_ of patenting software. From SAIL, the spelling checker spread via Arpanet throughout the DEC-10/20 world, then on to other timesharing systems. When personal computers appeared later, these meddlesome programs became ubiquitous. (I note, however, that the one running here under emacs doesn't recognize "meddlesome.") Unfortunately, spelling checkers don't deal with another composition problem of mine -- fingers that often spell phonetically when I go fast -- because homophones pass the spelling test. Incidentally, though the venerable SAIL computer now appears to be the oldest living timesharing system in the world, it hasn't been maintained for a long time and is beginning to show Alzheimer symptoms. On the afternoon of June 7 we plan to have a party celebrating its 25th birthday, last rites, and wake. Anyone who would like to receive SAIL's last words, which are likely to include a boastful summary of its accomplishments, should send a message (content unimportant) to Farewell@SAIL.Stanford.edu. Les Earnest, 12769 Dianne Drive, Los Altos Hills, CA 94022 415 941-3984 Internet: Les@cs.Stanford.edu UUCP: . . . decwrl!cs.Stanford.edu!Les
Re: Horible Speling (Engst, RISKS-11.66)
Brinton Cooper <abc@BRL.MIL>
Thu, 16 May 91 15:05:19 EDT
My wife's pupils (grade 4) use a spell checker in connection with a word
processor that's only a little more than an electronic typewriter. Targeted
for children, the spell checker will flag homophones (homonyms?) and ask the
user if he/she knows which one he/she really wants. This feature seems to be
in the spirit of Adam's point.
However, if the teachers of today cannot spell without that electronic crutch,
I'd be more likely to complain to (1) them, (2) the school district who hired
them, (3) the "university" which trained them, and (4) the public schools where
they didn't learn to spell.
_Brint
(bogus) IBM red switch
Mark Seecof <marks@capnet.latimes.com>
Thu, 16 May 91 13:44:21 -0700
Okay, I can't resist adding to the red-switch discussion. I used an IBM 1401 in high school. It had an "emergency" power-off switch--which no one ever pulled. It also had a 1403 600-LPM line printer. If you placed an invalid character in the carriage-control column of a FORTRAN output record, the line printer would spazz out and feed paper continuously at high speed. The printer would emit a loud and distinctive scream as paper shot dramatically from the back. Of course, inexperienced student programmers who provoked this behaviour would try to stop the printer by punching the large red STOP button on its console. Ha! That button, like its twins on the read/punch unit and CPU cabinet, would halt the processor but have no effect on the printer. There was a transparent button with some innocuous label (I don't remember the exact wording and my manual is at home) which would actually stop the printer. Because panicky students weren't likely to find the proper button before hundreds of feet of paper were propelled through the printer, the official technique for dealing with the situation was to step on the paper in the paper box (which stood open beneath the front of the printer). The printer would tear the paper off neatly at a page-perf and then sit there whining until someone punched the proper button. Moral? The large red STOP button on the front of a machine should stop THAT MACHINE, not some other machine on the other side of the room. This is even more important when the machine in question is a mechanical device which could injure someone (suppose your regulation IBM computer-programmer's tie got caught in the tractor feed mechanism as you were peering at some output...). (Also on the subject of red switches, I have been informed that the reason the newer IBM PS/2's and RS/6000's have white power switches is because of a German government regulation which demands that the ONLY red switch in an entire computer room be one which turns off all power to all equipment in the room, and it was easier for IBM to fit all small computers with white power switches than to fit some with red and some--for sale in Germany--with white. Note also that the Germans have proposed that their (sometimes silly) rules be adopted by the whole EEC.) Mark Seecof, Publishing Systems Department, Los Angeles Times, Times-Mirror Square, Los Angeles, California 90053 Voice: 213-237-7605 Fax: 213-327-3119
Emergency off switch - IBM 1620 (RISKS-11.67)
Stuart I Feldman <sif@lachesis.bellcore.com>
Fri May 17 21:40:58 1991
If we are reminiscing about ancient unsafe designs, consider the IBM 650, which had both `AC power off' and `DC power off' buttons. The DC power off turned off the active logic (vacuum tubes!). AC power off didn't actually do that, but initiated the power down sequence, which included putting on the braking rotors for the magnetic drum (cylinder rotating at 12,500 rpm). The corresponding `AC power on' button started the spin-up motors. For lack of a relay, there was no interlock between these functions, and it was possible (or so I was warned as a tyke) to warm up the drum by having the two motors fight each other. So what's so strange about a guillotine for the power cord?
IBM Emergency pull switches
Gene Spafford <spaf@cs.purdue.edu>
17 May 91 02:26:32 GMT
Back in the 1981-1983 timeframe (the exact year escape me), IBM donated some equipment to the School of Information and Computer Science (now the College of Computing) at Georgia Tech. Included in this donation were 3 IBM Series 1 machines. Each of these was equipped, in the upper right-hand corner, with a bright red "Emergency Pull" switch. Those of us using the Primes, Vaxen, and AT&T gear made jokes about the switch (and about the IBM gear in general). Little did we know at first.... In the 7 years I was at Tech, I saw lots of equipment pass through the lab. We had, other than the IBM gear, AT&T 3bX's, Primes, HP systems, Data General, Xerox, Symbolics, and various other bits & pieces, including lots of telecommunications gear. In all that time, with over 100 machines, we had 4 fires in the lab. One was caused when a CDC disk drive on one of our Prime 400 machines had its bearings seize (the disk had been on-line for something like 6 years with no maintenance, and the machine had been up for over a year without a reboot, as I remember -- the most reliable collection of hardware I've ever seen). The fire was well-behaved and put itself out; the Prime continued to run, but the first command typed at the console that caused a page fault caused a panic halt. The other 3 fires were all IBM Series 1 machines. These weren't just little blow-a-capacitor-and-create-smoke fires, either. They were burn-up-the-power-supply type fires that took controller boards with them. One was so complete, we had to dispose of the machine as there was too little to salvage, as I remember. We concluded that the pulls were not there out of tradition, but were installed because experience or choice with the design indicated that they were necessary to deal with the tendency towards self-immolation. Ever since then, I have believed that any machine that has an emergency pull probably needs one. Computers that are likely to catch fire or electrocute me (see the old Risks posting about the jealous computer electrocuting the scientist) are not high on my list of preferred computing platforms. I also tend to flinch when a sales-critter tells me his cpu really smokes; it took me a while to even tolerate the idea of using a SPARC. :-) Gene Spafford, NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-1398
Re: Four-digit address causes NYC death (Pellett, RISKS-11.60)
Scott Barman <scott@nbc1.ge.com>
Thu, 16 May 91 13:56:27 EDT
The original posting (Nilges, RISKS-11.55) came from a report aired on WNBC in New York. To find out more about this, I spoke with a director I know who is familiar with the story (he did not work on the story and the original reporter/director is out on assignment). I was reminded of something that Mr. Ravin forgets; a large parts of Queens was not fully developed until after World War II. There are a lot of addresses that look like they would cause a conflict when given, such as an 83rd Street vs an 83rd Avenue address as well as cross streets with names (the incident in the report happened off of Queens Blvd.). Over that time, the city assigned different address numbers on some of these and nearby streets to hopefully avoid conflicts and give emergency services a better chance of finding these places. Unfortunatly, over the years the city has never properly adjusted the "official" city specifications for addresses and this specification is what they used for designing the 911 system. Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com> writes: >Representation is a nontrivial issue. While it may be "obvious" that one >should allow for five digit addresses, what about fractional addresses due to >subdivided lots (how do you say "384 3/8e 1St SW" in ASCII, how does it >sort?? Apartment addresses? Alternative addresses (6th Ave vs Avenue of the >Americas)? Why not require full color graphics and then discover you can't >present it on a belt-mounted radio? Curious about the 6th Avenue vs. Avenue of the Americas differences (since part of this building is on 6th Ave.), we contacted the NYC Emergency Services Bureau and were told that the system understands the addresses at 6th Avenue and the operators are trained to use 6th Avenue instead of Avenue of the Americas in the computer and when dispatching assistance. Oh, and there are no "3/8" addresses. There are halves and they are addressed in the system (albeit badly I have been informed). Also, NYC does not use compass directions like SE or SW but does used an address like "40 W. 50th Street" and these are addressed as well. Another problem the report didn't cover, and nobody did either, is that there is a problem (again in Queens) with Harry Van Arsdale Drive. This street name was changed a few years ago from Jewel Avenue and is entered in the Emergency Services Bureau computer as two different addresses because there is no way to properly link these addresses in that system. So a person can call and report a fire at (for example) 80-15 Jewel Avenue and another person can call and report one at 80-15 Harry Van Arsdale Drive and two dispatches will be sent. We were told the one time something like this happened, the local fire house understood it to be the same address eventhough the 911 operators didn't. ESB uses the same procedure as the 6th Ave vs. Ave. of the Americas problem but since this is a newer change and since some of the ESB operators are not from NYC (20% are New Jersey residents) they leave it up to area fire and police not to dupicate the calls. This is something ESB is looking to fix. scott barman
Transactional Records Acess Clearinghouse
Larry Hunter <hunter@nlm.nih.gov>
Fri, 17 May 91 10:07:41 EDT
I have been inundated with messages asking me for more information about David Burnham's Transactional Records Access Clearinghouse (note the correction of the name from my posting in RISKS-11.60). Here is contact information for those of you who would like to know more about the organization: Transactional Records Access Clearinghouse, 999 Pennsylvania Ave., SE, Suite 303, Washington, DC 20003 (202) 544-8722
Report problems with the web pages to the maintainer