The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 88

Wednesday 12 June 1991


o Massive war resistance movement? 1.7 million defective resistors
o Computers and Exporting
Ralph Moonen
o Re: Formalism versus Experimentation
Eric Postpischil
Jerry Leichter
Martin Minow
Geraint Jones
Timothy Shimeall
Eric Florack
Jean-Francois Rit
o Caller ID — The Risks are already here!
Lauren Weinstein
o Info on RISKS (comp.risks)

Massive war resistance movement? 1.7 million defective resistors

"Peter G. Neumann" <>
Tue, 11 Jun 91 17:02:24 PDT
1.7 million resistors used in F-15s, Patriots, radars, and other systems are
being recalled and checked for flaws.  Some were shipped back in 1989, others
more recently.  The resistors were made by Philips Components of West Palm
Beach, which is aware of only three failures.  The defense contractor Eldec is
facing "financial losses because the military is not accepting its shipments of
electronic equipment while it searches for the defective resistors."  "Philips
officials said the resistors also were sold to civilian customers, including
commercial aircraft manufacturers."  [Stark abstracting of an AP item from the
San Francisco Chronicle, 8 June, p. A15] [Instead of resisting defectors, we
have defecting resistors.]

      [The risk that a systematically reproduced fabrication flaw could
      be perpetuated though many systems using the flawed component type
      is truly a frightening one.  The notion of a universal Trojan horse
      circuit that would fail at roughly the same time throughout the world
      is even more frightening.  (You know how accurately appliances can be
      made so that they work until just after the warranty expires?  Well,
      that technology could be applied to age-specific fail-certain components.
      But then, beware of Byzantine systems using multiple sources of separate
      and supposedly independent sets of circuits where it turns out that one
      component always comes from the same vendor...!]

Computers and Exporting

Tue, 11 Jun 91 21:20 MDT
In a recent discussion with colleague's of mine, we came up with another
difficult point in the information frontier. Legal definition of 'export' does
not cover all methods of transport and representation.

Take for instance the DES export restriction. Sources for des have been
posted on Usenet. Granted, it was with distribution USA. However, with
modems being cheap, and telephone lines readily available, there is nothing
to stop someone logging in on a USA Usenet supporting site. Who has now
breached the anti-export regulation? The site for being accesible from abroad?
The user who downloads the sources? The poster?

What's more, what gets restricted. Sources? Binaries? What if the sources are
crypted? They are no longer useable as a program. Not in executable form, not
after compilation. (Even if the compiler doesn't blow up :-). Are crypted
binaries export resticted?

The problem becomes more complex when you take Patent laws (PKP RSA Patent)
and copyright laws into account also.

This discussion started, when I mentioned that our Usenet servers get USA
distribution news, while I live and work in The Netherlands. Does this
mean that anyone posting export resticted sources that, because of network
structure also get distributed outside of the USA, is commiting a crime?
I hardly think so. Could someone with more legal experience comment on this?

--Ralph Moonen

Re: Formalism versus Experimentation

"Eric Postpischil" <>
Wed, 12 Jun 91 06:01:04 PDT
In regard to the question of formalism versus experimentation in the education
of computer science, let us assume, for the sake of argument, that we are
interested primarily in women's achievement and that women prefer
experimentation and teamwork to solitary abstraction.  Even granting these
assumptions, is not the proper question to ask "Which method of teaching women
is best for their learning?" rather than "Which method of teaching women most
addresses women's preferences?".  That is, even if we assume experimentation
and teamwork is best for women, this does not necessarily mean teaching with
experimentation and teamwork will produce better women computer scientists than
would teaching with formalism.

Sexism, programming, and social goals

Jerry Leichter <>
Wed, 12 Jun 91 08:56:24 EDT
Hal Pomeranz is "dismayed" by Ed Nilges' attack on comments in a CACM article
that claim Dijkstra is "sexist" for calling for more formalism in computer
science education, since it is observed fact that women are discouraged by
subjects based on formal mathematics and logic.  He claims that "Ed's analysis
of the situation appears to have some huge holes in its logic."  I am dismayed
by Pomeranz's apparent new definition of "logic."

What's really going on here has nothing to do with "logic"; it is a disagree-
ment on basic goals.  Dijkstra and Nilges have the following as their goal
for computer science education:

Goal EFF:   Computer science curricula should be constructed to educate
        students in the techniques that have been found to be most
        effective in producing working, usable, safe, programs.

Pomeranz, Nye and Bernstein (whose CACM comments Nilges was responding to)
have the following goal:

Goal EQL:   Computer science curricula should be constructed so that
        women have an fair chance to enter the field of computer
        science.  We determine that this goal has been attained
        when the percentage of women in the field matches that in
        the general population.

Having chosen a goal, one can apply logic or empirical investigation to
determine whether particular steps are appropriate to it.  One can attack
Dijkstra by pointing out that few real systems are amenable to the level of
formalization he used.  One can attack a program attempting to encourage
women to take logic courses so that they will be prepared for a Dijkstra-
style computer science curriculum by showing that women don't wish to take
such courses, or do poorly in them.

However, the choice between the goals (if indeed a choice is necessary) has
nothing whatsoever to do with computer science.  It touches on fundamental
polical and social policies that apply equally well in all fields.  Change
the references to computer science curricula in the goals to "corporate
management structures" and you get a pair of goals that are equally being
debated. Change "women" to "blacks" and you get another pair of currently
debated goals.

At one time, there was broad agreement that Goal EFF was the only important
one.  Then Goal EQL was proposed.  Those supporting this goal have gone
through three distinct phases:

1.  The goals are compatible:  Men and women are fundamentally equal.  The
only reason we haven't attain them is because of current (later, past) dis-
crimination.  If we eliminate the discrimination (and through special compen-
satory efforts make up for the past discrimination) we will soon attain both
goals simultaneously.

2.  Men and women are essentially different and have different and complemen-
tary perspectives on problems.  By striking out on their own, women will find
new approaches to computer science problems, thus enriching the field.  (This
particular phase wasn't very visible in computer science, but was universal
for several years in such fields as history and psychology.)  By working to
attain Goal EQL, we will simultaneously attain Goal EFF.

3.  Men and women are fundamentally different, and it is inherently unfair to
require women to adjust to the male way of doing things.  This unfairness is
basic, and Goal EQL is essential.  Goal EFF is a minor thing in comparison,
and any conflict between the two goals must be decided in favor of Goal EQL.

(Before all this, of course, there was a Phase 0:  Goal EFF is central, Goal
EQL is "nonsense", because "the gal's just don't have a head for logic".
Isn't it amazing how far we've come in 30 years?)

My own view is essentially compatible with Phase 1, though I certainly have
no objection to those who believe in Phase 2 and are willing to try to create
new perspectives:  It's hard work, but any such effort has the chance of re-
ceiving a major payoff.

Debate with those who espouse Phase 3 is impossible:  They have decided that
such things as logic and evidence are in and of themselves sexist or racist or
whatever.  Without such things, debate and reasoned discussion are impossible;
all that is left is resort to emotion, rabblerousing, and force (fortunately,
usually manifested as laws and regulations).  As long as they remain marginal
and without influence, they can simply be ignored.  When they begin to attain
influence, they can be answered only in the same terms.
                                 — Jerry

re: Politically correct computer programming

Martin Minow 12-Jun-1991 0950 <>
Wed, 12 Jun 91 07:15:20 PDT
Regarding the discussion of the impact of formalism on Computer Science
education, may I point out that "Computer Science" is more than the
craft/profession of Computer Programming.  It is certainly reasonable to teach
computer programming by example, and with very limited exposure to queuing
theory, statistical analysis, and the theory of finite-state automata — after
all, we do not introduce accountants to their profession by forcing them to
*prove* that 1+1=2.

On the other hand, once one enters the real world, it is indeed necessary to
"prove," in some rigorous manner, that the stack will not overflow, that the
iteration will converge to a solution, that the ring-buffer will work both when
it is empty and when it is full, that the compiler will parse all legal
programs and reject all incorrect programs, that the stop light will never show
green in both directions, that the database can respond to 200 queries per
minute, and so on.  For these problems, an understanding of formal methods is

Whether one should learn theory before, during, or after practice is, of
course, an open question and one related to university traditions and
the use one plans to make of the education.  Both, however, are essential
and I must respectfully disagree with Hal Pomeranz's claim that people
"turned off by formal training" will become excellent programmers.  I also
disagree with the implicit claim that women are, as a class, less able to
absorb formal methods and, consequently, excluded from the profession.

Martin Minow

Re: The impact of formalism on Computer Science education

Geraint Jones <>
Wed, 12 Jun 91 11:06:40 BST
The mild altercation between Ed Nilges (RISKS-11.86) and Hal Pomeranz
(RISKS-11.87) just goes to show how hard it is to understand someone else if we
don't make an effort to see the world from the other bloke's (apparently)
cockeyed stand point. Just suppose, for the moment, that bridge building, or
as one has to say these days civil engineering, is best approached by the more
formal knowing-what-you-are-doing route; and just suppose that education in
formal techniques does discourage partcipation by (say) right-handed people.

In that case, one might expect to be able to get more right-handers into the
subject by encouraging an experimental approach. However, you would not be
educating them as good bridge builders. On the other hand, a rigid adherence to
formal bridge design techniques would tend to make civil engineering a
profession of a minority of the population. Bridges would become magical
objects little understood and much feared by the rest of us. Now, do you want
to live in a world where bridges are essentially experimental constructions in
which you wouldn't want to trust? No. Or would you prefer a world in which we
worship bridge-builders and live in fear and awe of their constructions?  Of
course not.

I hope you can't tell which side of the argument I would defend if pressed.   g

Conflicting goals (was Re: the impact of formalism...)

timothy shimeall <>
Wed, 12 Jun 91 09:35:51 PDT
Before diving into accusations of sexism, let's be sure that we are
working to the same goal:
  Dijkstra (and apparently Nilges) is trying to promote the improvement
    of quality of programming, building better code with fewer bugs.
  Bernstein (and apparently Pomeranz and Frankel) is trying to promote
    the improvement of participation in programming, allowing more
    people (in this example, women) to program.
These are BOTH laudible goals, but they are different goals and may
conflict.  All people (both men and women) do not have an equal talent
for mathematical reasoning or inclination thereto.  Is it sexist to
point out that those with a high level of talent for mathematical
reasoning have tools (mathematical techniques) available to use that
those with a low level of talent do not have?  Is it sexist to suggest
(as Dijkstra has) that for some projects with a high need for quality,
only those familiar and trained in mathematical reasoning (i.e., only
those with the needed mental tools) should be allowed to program?
Isn't there a need to differentiate programmers by background and
ability, particularly in developement of life-critical systems?

I don't believe that a high level of mathematical reasoning is needed for every
programming project.  Well-explored, low-risk application areas with a plethora
of examples to work from may not demand mathematical reasoning for their
programming.  There is thus room in the programming profession for some without
this talent. I applaud those who seek to encourage sexual equality in hiring
those with the needed talents and inclinations for programming.  As one who
spends a LOT of time inducing individuals (of both sexes, the US military
services do not consider sex when selecting for graduate education, and thus
our student body is roughly 30% women) to reason logically about programs and
programming, I welcome ANY efforts to improve the volume of participation in -
and/or level of quality of — software development.

Re: Formalism versus Experimentation

Wed, 12 Jun 1991 07:41:47 PDT
Ed concludes "Dijkstra is right and Nye and Bernstein are wrong" because he

IMHO, Ed's right.  Since what we are dealing with, when we program, is logic,
should we not have the ability to reach conclusions in a logical manner? To
that end, should we not have above a passing understanding of logical thought?

I  am dumbfounded by:
... Bertstein's criticisms are, I believe, pointing out that the changes
proposed by Dijkstra would be yet another barrier to women wishing to
enter the field of Computer Science.

While you are most correct in your assesment of a lack of educational
even-handedness amongst the sexes, I question your conclusions..  Do we attempt
to change laws of chemestry and electricity because of a particular group of
students' inability to learn the laws as they are? IE: do we attempt to change
reality to aid some people's ability to deal with it effectively? Why, then do
you conclude that to learn computer logic, one need not learn logic, first?  Is
it simply because of one 'minority' or another's inability to deal with that

You say:
All education would benefit from massive dose of new and different thinking, so
as to encourage marginalized groups to participate more fully, rather than a
retreat to older, more formal approaches which would only push groups on the
outside farther out.

It is the retreat from the more formal, (and yes, harsher) learning
environments, the 'massive dose of new ideas' that have placed this country
into the educational crisis it's in today, where nearly 50% of high school
students cannot read effectively. In the 'marginalized groups' as you put it,
these percentages are even higher... we expect less of them, so they produce
less.  What you suggest is more of the same.

It's sorta like the drunks in a car. THe car is in reverse and they notice
they're headed for the cliff. THe drunk that's driving comes to the conclusion
that the car will move forward if he pushes the gas pedal down real hard. The
result, of course, is very predictable.

Sorry, Hal. No sale here.

Eric Florack:Wbst311:xerox

Are women a computer risk? And what about foreigners?

Jean-Francois Rit <rit@flamingo.Stanford.EDU>
Wed, 12 Jun 91 10:31:08 -0700
The discussion revolves around straightening the three following inconsistent

1 Abstract logic is necessary to the computer industry
2 Logic is not compatible with women
3 Women must have an equal access to the computer industry

Negating one of these propositions is sufficient to make them all consistent.
Therefore the issues are:

1 Is more abstract logic necessary to the computer industry? In particular, is
it necessary to avoid computer related risks?
This is the abstract, purely technical argument. You can try to prove this,
but it won't be easy. A substitute is relating anecdotes in comp.risks.

2 Is logic incompatible with women? This is probably not what should be
discussed in this forum. Unfortunately I personally think this is the weakest
point and therefore the thing that should be "fixed" if that were the case.

3 Should an equal access of women to the computer industry be enforced, no
matter what added risks this involves?
This is the political (in a broad sense) argument.

More than a "Men against women" issue, the discussion stems from accepting or
not that politics interferes with pure technic. Computer related risks address
the impact of computer technology on society and employment in the computer
industry is unavoidably one of them.

Hal Pomeranz likens requiring the use of formalized logic to that of a foreign
languages as an arbitrary but effective way of discouraging people from
entering a field. What about non-anglophone students who want to enter the
computer industry or let's say computer science research?

Most of them have *at best* a knowledge of conversational english, yet they
have to access to hard technical literature. Those who are not proficient
enough or cannot adapt are definitely weeded out. You can find this perfectly
normal or unacceptable depending on how much you think cultural imperialism is
relevant to computer education.

Jean-Francois Rit               Tel: (415) 725 8813
CS Dept Robotics Laboratory     e-mail:
Cedar Hall
Stanford, CA 94305-4110

Caller ID — The Risks are already here!

Lauren Weinstein <>
Tue, 11 Jun 91 18:59:08 PDT
The Caller ID (CID) situation in California is still undetermined, other than
that per-call CID blocking will definitely be provided at no charge, since this
has been mandated by state law.  It is decidedly unclear whether or not such
blocking will be effective on interstate calls, since such calls are an FCC,
not PUC (Public Utilities Commission), matter.  A similar unclear situation
exists with regard to 800 and 900 calls (remember that most 800 calls already
have CID attached to them, at least on customer bills--and you can sign up for
instant delivery of the caller numbers if you want them).  Current rules seem
to imply that CID blocking will not apply to 800/900 calls.

I recently sent a letter to the California PUC promoting the need for per-line
CID blocking, and asking a number of questions regarding call-return operations
when the original caller had blocked their CID (the key question: since it is
proposed that call-return would still function in this case, what number would
show on the phone bill of the person activating call return in the case of
message-unit and toll calls?  Would it be marked "private"?  Would only a
partial number be shown?

As for per-line blocking, I feel strongly that subscribers should not be
required to take *extra* steps to maintain a level of privacy that they have
already come to expect over the years.  Particularly when people are in unusual
locations, or under stress, elderly, in a hurry, etc., they are the least
likely to remember about dialing special codes--even though they might
especially need their number privacy in those situations.  Nor should
subscribers be forced to purchase special equipment to dial blocking codes for
them when they're calling from their "normal" location.

I have proposed that all unlisted/non-published numbers have caller-ID blocked
by default, with all subscribers offered a one-time opportunity to choose the
mode (blocked or unblocked) that they prefer without charge, after which
further changes in the per-line CID blocking status would be subject to a fee.
I have also proposed the availability of codes to change the per-line CID
blocking status on a per-call basis (both for enabling and disabling CID).

There is a fascinating publication that relates to all of this.  It was
originally provided to me by a company that builds equipment for CID number
capture (Automatic Number Identification — ANI capture).  While it is
primarily oriented toward use on existing 800 ANI capture systems, it is
obviously looking forward to full-scale CID availability for non-800 calls.

The publication is called "Inbound/Outbound" — "Using Technology to Build
Sales and Deliver Customer Service".  It was a supplement to "Inbound/Outbound"
magazine from July 1990.  It is heavy on the promotion of MCI ANI delivery
systems, which isn't surprising when you notice that the publication was
prepared under the direction of MCI employees.  Many manufacturers of ANI
related equipment and systems (including name/address database lookup services)
have ads within.

It is a veritable cornucopia of endless praise for ANI/CID systems--I was
unable to find a single negative statement concerning these systems.  As far as
they are concerned, ANI/CID is the best thing to happen to sales since the
invention of the phone.  There are database services who can search between 60
and 90 million name/address entries "instantly" over networks in response to
incoming ANI phone number info, and others who will take a tape or floppy and
get you the info "offline" at a lower price.

One of their suggested applications for ANI/CID is hanging up on or refusing to
answer calls from "suspicious" phone numbers with which you've had problem
calls in the past (the RISKs are obvious).  Another is recognize the phone
number of your better customers and route them to operators ahead of all the
other poor slobs waiting for assistance.  Yet another is call back people who
hang up without waiting for an answer on your sales lines.

Overall, they list a range of applications (including various authentication
applications) that seem to imply that (1) Everyone wants everyone to know who
they are when they make a simple call, (2) Your customers will always call you
from the same phone number, and you have the right to call them back on
whatever number they happen to call you from, and (3) People hardly ever change
their phone numbers.

They also throw out the usual arguments about the use of ANI/CID in emergency
situations, even though we all should know by now that 911 services are exempt
from CID blocking.

Most of the associated privacy RISKs with this technology have been discussed
in this forum before, but I want to emphasize the incredible degree to which
the intertwining of ANI/CID and database services can result in instant
information about the caller (or rather, about the caller's phone number!)
being provided to the entity being called, (though not necessarily accurate
information, of course!)

Not only can name/address be provided from the caller phone number, but also
other nifty data such as "dwelling unit code" (what kind of residence are you
living in?  Do you live in a "bad" part of town?)  and "wealth code" (are you
rich?  Does the company even want to bother talking to you?), and numerous

There is also apparently talk of connecting into the credit inquiry databases
so that, essentially, when you call a firm, it is possible that everything
about that call will have been determined based on the voluminous information
they were able to dig up from your phone number during a couple of rings!  How
you will be treated, who will answer your call, how long you wait in the queue,
what they will say to you, and a range of other decisions can be made before
you've said *one word* — all based on the phone number from which you're
calling, with all the issues of privacy and accuracy that accompany such a

And remember--this is happening *right now*.  These services exist today; they
can be subscribed to immediately.  Your area does not need to have local CID
for your number to be transmitted via 800 or 900 calls--in fact, about 90+% of
the phones in the U.S. are already transmitting their numbers on 800 and 900
calls.  As more areas achieve "equal access" long distance carrier status, that
number will eventually reach 100%.  Local CID blocking will probably *not*
block the delivery of your number via 800/900 calls under the current rules,
though the definitive status of such calls remains unclear.

We need federal legislation to address these issues, and we need it now.  These
concerns can not be dealt with effectively on a local or state basis.  It's up
to those of us who are aware of the dangers inherent in these systems to make
our concerns known and push for appropriate improvements in the Privacy Act and
other related legislation.

Please feel free to contact me if you'd like further information about any of
these topics.

Please report problems with the web pages to the maintainer