The RISKS Digest
Volume 11 Issue 47

Tuesday, 16th April 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

"Electronic mail message may be bylaws violation"
PGN
Nuclear Detonation Model Wanted
Michael Squires via Bostic and Spafford
Automated car parking?
Alayne McGregor
Databases v. Privacy in Europe and the US
John Sullivan
Re: European police networks
Sanford Sherizen
Fear of Information Age/Systems
Bob Estell
Re: Simulation: Minus heart disease, life expectancy only 3 years greater!
Brinton Cooper
Jeff Johnson
Re: Euro Update on Dunlop and Kling
Rob Kling
Info on RISKS (comp.risks)

"Electronic mail message may be bylaws violation"

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 16 Apr 91 12:01:22 PDT
The Stanford Daily on 15 April 1991 had a front page article by Howard Libit,
staff writer, on Nawwar Kasrawi, a Stanford senate associate and election
candidate who on 14 April sent EMail to over 2000 students urging them to
support the People's Platform Council of Presidents `Stand and Deliver` slate,
senate candidates, and special fee requests.  Academic Information Resources,
which operates the campus computer system, froze his account soon afterwards,
because the messages were clogging the system.  There is debate over whether he
violated election bylaws governing the use of EMail in elections, whether the
disk space used exceeded AIR policies, and whether the fair-market value of the
mailing would exceed the campaign spending limits.  It seems to me as an
uninformed observer that the existing guidelines did not adequately anticipate
all of the potential (mis)uses, creative and otherwise.  The article listed
various unrelated problems, and did not indicate whether this election would be
conducted on-line as was the case in a recent election, noted here in RISKS...
PGN


Re: Nuclear Detonation Model Wanted (Michael Squires via Keith Bostic)

Gene Spafford <spaf@cs.purdue.edu>
Tue, 16 Apr 91 14:21:59 EST
From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)

From: mikes@iuvax.cs.indiana.edu (Michael Squires)
Newsgroups: alt.sources.wanted
Subject: Re: Nuclear Detonation Model Wanted.

The Office of Civil Defense published a book called "Nuclear Weapons Effects".
It was used in CD training classes.  It contains equations and nomographs that
will let you determine how quickly an air, land, or water burst will demolish
various structures.  GE published a little booklet in the '60's (they may still
do it) that contained a nuclear weapons effects slide rule, plus similar
tables.

In terms of computer software the most famous is probably the SIR NEM model
(Strategic International Relations Nuclear Exchange Model) created by the
Agency for Interscience Methodology in Chicago in the 70's which was run by
ACDA and by the Joint Strategic Targeting Planning Staff.  Another model still
apparently in use is the Arsenal Exchange Model which was less disaggregated.
(This is current as of 1980, the last time I spent much time in this area..)
The sources for SIR NEM were available from ACDA at one time, with all the
comments removed (except for the JSTPS line numbers!).

An interesting aside: when I recompiled a version of AEM that I know was used
during the SALT I talks I was interested to find 13 FORTRAN errors missed by
the more primitive compilers of the early 70's (CDC 3600 FTN).  These were all
uninitialized variables.  Now, about that 100% reliability you promised....

Mike Squires (mikes@iuvax.cs.indiana.edu)     812 855 3974 (w) 812 333 6564 (h)
mikes@iuvax.cs.indiana.edu          546 N Park Ridge Rd., Bloomington, IN 47408


automated car parking?

Alayne McGregor <alayne@geas.gandalf.ca>
Tue, 16 Apr 91 09:39:02 EDT
The local CBC morning show in Ottawa had an interview with a Volkswagen of
Canada representative this morning about a car that supposedly parallel-parks
itself.

The representative said the car is a test prototype built by Volkswagen of
America. It can sense whether a parking space is large enough, and place itself
in the spot with only inches to spare on either side. The driver does not need
to be in the car.

She said the proximity sensors used for this can also be used while driving to
ensure the car does not get too close to other cars.

I wonder who would be liable if the car software bashed the next car while
parking, or if it ran over a cat, dog, or child on its approach. One would
think the location and range of the sensors would be very important.

Alayne McGregor       alayne@gandalf.ca


Databases v. Privacy in Europe and the US

<sullivan@poincare.geom.umn.edu>
Tue, 16 Apr 91 15:03:13 CDT
Two pointers to recent NYT articles:

Front Page, Thursday, April 11: "Europe's Plans on Privacy Upset Business"
describes new rules the EC is considering regarding corporate databases.  All
databases would have to be registered with a government authority.  Customer
lists or other data could not be sold without the customers' permission.
Databases would not be able to be transferred to outside countries with less
stringent laws.  American companies with European subsidiaries are worried they
would have problems keeping track of personnel.  Critics claim a strict
interpretation would prevent, say, European Airlines from taking reservations
from overseas, since this would involve info like credit card numbers.

Business Section, Sunday, April 14: "The Man With All The Numbers" talks about
James Bryant, who sells the complete contents of all US phone directories
(white pages) on 2 CD-ROMs, for about $2k.  His company, Phone Disk, used to
compile the list of about 100M names from direct marketers, but a recent
Supreme Court ruling has established that White Pages listings are not
copyrighted.  Bryant hopes eventually printed white pages (which use 4 million
trees' worth of paper) will be unnecessary.
                                              --John Sullivan@geom.umn.edu


Re: European police networks

Sanford Sherizen <0003965782@mcimail.com>
Tue, 16 Apr 91 17:27 GMT
Pete Jinks <pjj@cs.man.ac.uk> asked about the European Nervous System (ENS),

>"The ENS will create links between administrative computer networks [in the
>EC] including tax, social security and environmental monitoring. ...  intense
>activity on police networks which ...  will be essential when frontier control
>are relaxed in 1992". The EC "is seeking powers to make it compulsory for
>member states to link their computer systems"

>This is represented as being a vital part of a program to pump money into the
>european IT industry. I don't remember reading or hearing about this before.
>I hope that this is an April fool, but it has a ghastly ring of plausibility.

EC '92 Single Market Unification will have a major impact on information
security and privacy.  Here is some information on the topic that Pete raises.
This is taken from my book, INFORMATION SECURITY IN FINANCIAL INSTITUTIONS
(London, Dublin: Lafferty Publications, 1990).

"The Schengen Accord on open borders was signed by EC nations as an attempt to
balance the potentially contradictory goals of open borders and crime control,
particularly drug distribution.  Prior to the Schengen and similar agreements,
drug trafficking restrictions were based primarily at the state level, often
concentrating on police activities at border control offices.  The Schengen
Accord builds on previous EC action against drugs, including the establishment
of an information system or data network, to share information about suspected
criminals and other police intelligence.  The Trevi Group, which focuses on the
fight against terrorism, drug trafficking, and organized crime, also proposed a
legal regime on European information technology for identifying and controlling
criminals, particularly international terrorists and drug dealers.

Belgium, which at the time of the signing, did not have a law protecting access
to electronic data kept on file about its citizens, promised to pass new
legislation before the Agreement came into full effect.  Other European nations
outside of the EC will be brought into negotiations quite soon in order to
expand the Agreement's provisions to larger areas of the Continent."

Non-European nations, including the U.S., and international police organizations
such as Interpol, are sharing an increased amount of information that will
interface with and supplement the EC network.  The EC and Council of Europe Data
Privacy laws will play some role in defining appropriate collection and use of
police information but the fight against drugs, money laundering, and terrorism
will strongly influence how much the police network will collect and how
information will be used.
                                              Sandy

Sanford Sherizen, President, Data Security Systems, Inc., 5 Keane Terrace
Natick, MA 01760 USA  MCI MAIL:  SSHERIZEN  (396-5782)   PHONE: (508) 655-9888


Fear of Information Age/Systems

"351M::ESTELL" <estell%351m.decnet@scfb.nwc.navy.mil>
16 Apr 91 07:50:00 PDT
Two books by Alvin Toffler describe the general causes of the apparent fear
that "those in control" have of information age systems (e.g., e-mail,
encryption programs ...):

 FUTURE SHOCK, which describes how some of us are overwhelmed with
the pace of progress; and

 THE THIRD WAVE, which describes how control of the masses first
rested on control of land (in the agricultural age, the first wave),
the control of the money supply (in the industrial age, the second wave),
and will soon rest on control of information (in the information age,
the third wave).

"Those in control" include most traditional authority figures, not just
government; and "fear" [as I have used it] implies "lack of comfort"
BUT NOT NECESSARILY any subsequent malicious actions.

Both books are available in paperback; maybe at used book stores.
                                                                      Bob
     [Classics.  We have seen these mentioned in RISKS before,
     but include them again for our newer readers.  PGN]


Re: Simulation: Minus heart disease, life expectancy only 3 years greater!

Brinton Cooper <abc@BRL.MIL>
Mon, 15 Apr 91 22:23:41 EDT
Another risk of this computer-assisted study is that the conclusions miss the
point.  It's not adding 3 years to human life that's significant about
eliminating heart disease.  It's about the elimination of perhaps decades of
various degrees of disability; it's about perhaps not having to spend 5-10
years in a nursing home while your life's savings are not so slowly eroded.

One of the serious risks of computer-assisted studies is that the data can be
munged so quickly that the investigators don't take the time to reflect upon
the problem.  In the old days, when hordes of grad students had to collect and
reduce data more or less manually, such studies took much longer.  The PI had
plenty of time to reflect upon just what question was being addressed.


Re: Simulation: Minus heart disease... [RISKS 11.45]

Jeff Johnson <jjohnson@hpljaj.hpl.hp.com>
Tue, 16 Apr 91 16:37:33 PDT
Though the relation of the AP article (RISKS 11.45) to computer risks
does seem rather tenuous, I think a clarifying response might be useful:

Measuring and reporting average life-expectancies (by computer-based methods or
otherwise), or changes in them resulting from changes in society, has high
potential to mislead.  People tend to think of average life expectancy as
indicating how old an individual in a given society can expect to get.  In fact
the "expectancy" referred to is a statistical expectancy that probably doesn't
jibe with most people's notion of "life expectancy".  The impact upon this
number of eliminating a particular cause of death depends as much on the age of
the people killed as on the number of them killed.

For example, the average life expectancy in Nepal is approximately 45 years.
That seems very low by our standards.  However, when you go there (as I have),
you will find many old people; much more than you might expect from the above
figure.  The reason for the discrepancy is that one third of all Nepalese die
before they are five years old.  Those who survive past five have a life
expectancy probably not much lower than that seen in many poor U.S.
communities.  The high infant/child mortality rate pulls the average expected
lifespan down very low.  Nepalese adults want and need offspring to support
them in their old age (this is the only form of social security they have), so
they generate lots of them, expecting many to die.

Simply targeting diseases that kill large numbers of people won't necessarily
affect average life expectancy much, especially if the deaths being eliminated
are primarily deaths of older people.  The way to have a large impact on
statistical life expectancy is to target major causes of death in children.
The AP article quoted in RISKS (11.45) focuses on the "nation's leading
killer": heart disease.  I assume that the risk of death from heart disease in
our society increases with age, making it mainly a disease of adults (maybe
even mainly of seniors).  If raising statistical life expectancy is our goal,
we'd get more bang for our buck focussing on sources of infant and child
mortality, especially where they are now highest.

Of course, raising statistical life expectancy may not be our goal.  Instead,
we may be trying to increase the longevity of those who survive to adulthood.
This is the meaning of "life expectancy" that people have in mind when they
tell one another how long people in their respective families tend to live:
only deaths by "old age" count here; "early" deaths by accident and disease are
ignored.

JJ, HP Labs, Palo Alto


Re: Euro Update

Rob Kling <kling@ICS.UCI.EDU>
Mon, 15 Apr 91 19:11:10 -0700
Some colleagues in Western Europe and Australia have asked us how to obtain
copies of the anthology Computerization and Controversy: Value Conflicts and
Social Choices (Charles Dunlop & Rob Kling, eds). This note provides
information about ways to obtain the book outside of North America.

Computerization and Controversy introduces some of the major social
controversies surrounding the computerization of society through over 50
articles.  It highlights various key value conflicts and emphasizes a wide
variety of social choices posed by computerization. It helps readers to
recognize social processes that drive and shape computerization, and to
understand the paradoxes and ironies of computerization. It is divided into
seven major sections; each section begins with an analytical introduction which
identifies key controversies, frames the selections, and discusses other
literature as well.

To obtain Computerization & Controversy outside of North America, please
contact your local Academic Press/Harcourt Brace Jovanovich office, including:

 Harcourt Brace Jovanovich, Ltd (Western Europe and UK),
 24-28 Oval Rd.,  London NW1 7DX  U.K.
 Telephone: 44-71-267-4466   Fax: 44-71-482-2293   Telex: 25775 ACPRESS G
 Cable: ACADINC LONDON NW1

 Harcourt Brace Jovanovich Group Pty, Ltd (Australia/New Zealand)
 Locked bag 16,  Marrickville, NSW 2204  Australia
 Telephone: (01) 517-8999    Fax: (02) 517-2249

Individuals in North America may purchase copies directly from Academic
Press by calling 1-800-321-5068, faxing to 800-235-0256 or by writing to:

 Academic Press Ordering,  Academic Press Warehouse,  Order Dept.
 465 S. Lincoln,  Troy, Missouri 63379

 Computerization and Controversy is a 758 page paperback and sells for $34.95
 in US$ in the US and Canada. Prices in other parts of the world may differ
 slightly.

 Faculty who offer related courses (Values and Technology; Applied
 Ethics; Computers & Society; Information Systems and Behavior, etc.) may order
 examination copies from Academic Press.  Write on university
 letterhead, and include the following information about your course:
 class name and number, department, # of students, books used --in the
 past, adoption deadline.

 Send your requests for examination copies in the US or Canada to:

    Amy Yodannis,  College and Commercial Sales Supervisor
    Academic Press,  1250 Sixth Avenue,  San Diego, CA 92101
    tel: 619-699-6547    fax: 619-699-6715

  If you wish a review copy outside of North America, please contact your local
Harcourt Brace Jovanovich office. If you have trouble obtaining a review copy
for a legitimate course or journal, please contact Rob Kling at UC-Irvine
(kling@ics.uci.edu).
