The RISKS Digest
Volume 12 Issue 51

Wednesday, 16th October 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Mathematical and scientific foundations for engineering
Henry Petroski via PGN
Thermostat failure
Richard Schroeppel
Blockbuster `Loses' Returned Video
Mowgli C Assor
Credit Card Fraud
Brian Randell
New Massachusetts check/credit card ID law
John R. Levine
Giving Away Privacy (Continued)
Sanford Sherizen
Re: buggy software
Martyn Thomas
Magnus Kempe
Dave Parnas
Bart Massey
Ernesto Pacas-Skewes
Re: TRW misreports local taxes
Rob Spray
Info on RISKS (comp.risks)

Mathematical and scientific foundations for engineering (Petroski)

"Peter G. Neumann" <>
Tue, 15 Oct 91 19:54:33 PDT
Henry Petroski (who is now writing a regular column for _American Scientist_)
has a fascinating analysis of the Tacoma Narrows Bridge collapse on 7 Nov 1940
in the latest issue of _American Scientist_, Sept-Oct 1991, pp.398-401.  Here
are the last two paragraphs, food for thought particularly for those of you
planning to be in New Orleans for Henry's talk at SIGSOFT '91:

  Modern engineering rests heavily on mathematical and scientific foundations,
  and that is why the first two years of the engineering curriculum are
  dominated by mathematics and science courses.  Eager and impatient
  engineering students often ask the relevance of those courses to real
  engineering, and so the discussion of real-world examples such as the
  oscillation and collapse of the Tacoma Narrows Bridge is especially
  important to receptive and impressionable students.  Teachers of engineering
  are repeatedly reminded how difficult it is to break poor mathematics and
  science habits, especially those acquired in elementary courses that give
  preemptive explanations to dramatic engineering phenomena and failures.  Yet
  in the Tacoma Narrows case study, mathematics and physics are clearly behind
  the engineering science, for which they are properly prerequisite.

  The juxtaposition of a simple, albeit retrospective, physical explanation and
  a complex engineering error has implications far beyond mere puzzle solving,
  for it contrasts the omniscient mathematician/scientist and the blundering
  engineer.  It behooves us all to avoid such oversimplification and
  stereotyping, whether explicit or implicit, in our textbooks and our classes.
  The collapse of the Tacoma Narrows Bridge will no doubt remain, as it should,
  an irresistible pedagogical example; it should not also remain a classic
  example of interdisciplinary hubris and conflict.

thermostat failure

"Richard Schroeppel" <>
Wed, 16 Oct 91 10:45:17 MST
This is pretty vague, but relevant:

I recall hearing on the radio a couple of years ago, probably in Los Angeles,
of a family that was killed by failure of a conventional thermostat.
Investigators concluded that the temperature in the house had reached 110F.

Rich Schroeppel

Blockbuster `Loses' Returned Video

Mowgli C Assor <>
Wed, 16 Oct 91 1:48:59 EDT
  Along the lines of the discussion of the AT&T and other semi-computerized
systems risks, I ran into one today.

  The Blockbuster chain of video stores uses a very spiffy computer system to,
among other things, keep track of what videos you've watched, what they have
in stock, & who has checked in & out what. All videos have a barcode, which
they simply scan into the computer system.

  When you bring a video in, you put it in the return box & eventually someone
scans it into the computer as a 'returned' video. I checked out a video Friday,
(Video A) and returned it Monday when I picked up another one (Video B). Today
(Tuesday) I got a call that I had not yet returned Video A, & should do so
soon (on Monday it was already 1 day late).

  I went in & returned Video B, & then mentioned that their computer was a
little behind & had missed my return. The lady there remarked that that was
odd, and went to find her manager (turns out assistant manager ;). The manager
did all sorts of neat computer things, & wasn't able to find that someone else
had checked out the video, & of course didn't find a record of me checking it
in. She then mentioned that she didn't know how this could happen.

  I pointed out to her that I had at least twice seen employees get distracted
when they put the video on the counter (but before they check it in), & have
another overzealous employee come along & clean the counter off (moving the
tapes to the 'to be shelved' section). She then sent the first lady to check
the shelves for it.

  The video couldn't be found, & I then asked the manager if she could check if
the video had been checked out by someone else. She replied that it had not, so
if I didn't have it it must still be in the store. I was getting a little bit
annoyed at this point, when the manager then said "I was training a new girl on
Monday, & this morning we found about 25 videos hadn't been checked in
properly." (Note that 2 paragraphs up she didn't know how this could happen ;)

  So the upshot of this is, I have to hope that they find the video around the
store somewhere (she also mentioned that misshelving videos was common among
new employees) because otherwise I will have to buy it (and of course, I'm not
allowed to rent any more videos from here until the entire matter is resolved).

  At this time, Blockbuster thinks I stole the tape (even though the manager
doesn't ;) & since I gave them the proof I didn't on Monday & they lost it, I
of course have no proof anymore. The risk of relying on employees to know their
jobs, I guess.

Address: (Mowgli Assor in quasi-real life)

Credit Card Fraud

Wed, 16 Oct 91 17:13:51 BST
The attached article is reprinted in its entirety from today's (London)
Financial Times. I find it rather pleasing that one (claimed) reason for not
using photographs on cards is the risk that this would in effect create a
national identity card scheme. If we are to have such a scheme - and public
sentiment against such a scheme in the UK has for years been very strong, with
the cards that were introduced during World War II being abandoned as soon as
the war ended - then I'd prefer it to be introduced properly, with suitable
safeguards and legal framework.  However, I also know that past research by the
UK's Inter-Bank Research Organization (as it was then called) threw grave doubt
on the effectiveness of using photographs, so I doubt that the identity card
reason was foremost in the bankers' minds.
                                                         Brian Randell
Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
EMAIL =   PHONE = +44 91 222 7923



By David Barchard

Britain's Banks plan to spend more than (Pounds) 500m in the next three
years on an initiative to combat plastic card fraud but they have persuaded
Mr. Kenneth Baker, the Home Secretary, to drop controversial proposals to
put photographs of holders on all credit and debit cards.

Under the new fraud prevention measures, shoppers may soon have to punch in
their personal identity number into a computer terminal each time they pay
by card.

Other possibilities being discussed by the banks and the Home Office
include checking a customer's identity by shining a laser beam on his or
her retina and verifying the signature on the card by computer.

These proposals were discussed at a meeting in London yesterday between Mr.
Baker and banking industry representatives on how to combat the rapid
increase in plastic card fraud.

Losses on card fraud are expected to increase by more than (Pounds) 20m to
about (Pounds) 150m this year and some bankers fear that losses next year
could be close to (Pounds) 200m.

The banks promised Mr. Baker that they would spend more than (Pounds) 500m
on technology and training during the next three years to fight card fraud.
 This would be the largest joint investment that they have ever made.

Banks fought against the introduction of photographs on cards because they
feared the government was asking them to introduce an identity card scheme
through the back door.

Mr. Baker said he had asked the banks to report to him early in the new
year on the action they were taking to beat credit card fraud.

"There is a lot that can be done to curb it.  We must work together to keep
ahead of the criminals involved," he said.

Proposals to use personal identification numbers with cards at retail
outlets would represent a partial return by the banks to something close to
National Eftpos, the proposed national card scheme for electronic payment
which they abandoned in January 1990 at a cost of more than (Pounds) 65m.

The odds are heavily on personal identification numbers being adopted
rather than other methods.  Bank customers already know how to use Pin
numbers when using cash cards.  Numbers could be introduced without any
need to change the existing magnetic stripe technology for credit cards.

New Massachusetts check/credit card ID law

John R. Levine <>
Wed, 16 Oct 91 19:11:43 EDT
According to today's Boston Globe, the state legislature has recently approved
and the governor is expected to sign a new law regulating the data that may be
collected when a customer pays with a check or credit card.  When a customer
pays with a check, he may be asked to show a credit card and photo ID, but the
only information that may be written on the check is the address and phone
number.  When a customer pays with a credit card, he may be asked to show a
photo ID, but no extra info may be written on the charge slip.  The customer's
address can be recorded separately if needed for warranty or delivery.

This is in response to two separate abuses.  One is that many stores recorded
customers' race, ostensibly to help prosecure check bouncers.  The other is
that crooks armed with a victim's credit card numbers, SSNs, and addresses from
checks and charge slips were able to get credit cards in victims' names and
make thousands of dollars of phony charges.

Violators of the law will be subject to triple damages in case of credit theft.

John Levine,, {spdcc|ima|world}!iecc!johnl

Giving Away Privacy (Continued)

Sanford Sherizen <>
Wed, 16 Oct 91 17:13 GMT
A bit ago, I wrote in RISKS about some of the ways by which individuals are
giving away their private information.  At times, this is involuntary (such as
a condition of employment) while, at other times, people give away this
information for a sales coupon or while filling in a warranty card for a
product.  In my previous posting, I said that Big Brother has turned out to be
the Big Browser.

Even though TRW may have changed some of its tactics, the credit industry
continues to grab bits and pieces of private information in any way possible.
The privacy battle is far from over, particularly since TRW is going to provide
credit histories while not having to reveal all of the personal information
that it has gathered and continues to sell.  What follows is a perfect example
of what information is being sought and the often manipulative ways by which it
is being gathered.

This is from a letter that BUYER'S MARKET sent to me.

"If you enjoy shopping by mail, we are ready to give you $150 in savings just
(sic) for telling us what's on your personal (sic) shopping list.  This
invitation is mailed to consumers with unique interests.  People just like you,
who are sought out by the nation's leading mail order companies.  As part of
this sought-after-group, you qualify for a six-month FREE charter membership in
BUYERS'S MARKET, the new nationwide organization that not only arranges
generous discounts for preferred mail order customers but also brings you:

        * MAIL-SELECTOR--...that helps you get catalogs and special offers on
          products you want (underlined) while helping to reduce unwanted
          (underlined) mail! (Sic)

        * [Deleted--Other similar materials]

... There is only one requirement: To receive a minimum of $150.00 in Savings
Certificates and FREE Charter Membership in BUYER'S MARKET, you MUST complete
and return our Consumer Survey by October 30, 1991."

At the bottom of the questionnaire is a box market confidential.  In small
print, it is revealed that the organization is part of Equifax, which few
consumers may realize is a biggie in the credit history industry.  The
confidential (but note not a confidentiality) statement is as follows:

"BUYER'S MARKET is a nation-wide organization of consumers sponsored by Equifax
Consumer Direct.  Consumer information provided to BUYER'S MARKET is used
solely to facilitate consumer purchasing choices; it is not supplied for any
consumer-evaluative activities and will not be added to any other Equifax
database.  The information you provide to Buyer's Market by completing this
Member Profile will be kept completely confidential.  Your answers will be used
by the staff of BUYER'S MARKET solely to guide cooperating merchants in
directing to you offers you may be interested in, and/or to help eliminate your
name from mailings of offers you indicate you don't want."

Doesn't this confidential statement make you feel protected?  I wonder how many
people are going to fill out the "Consumer Survey", which contains sections on
personal interests, uses of coupons, leisure and hobbies, new product
preferences, purchasing plans, and "about YOU" (including questions on age,
income, home ownership, length of residence, size of household, marital status,
children by age, and personal computer).

Maybe Mr. Justice Thomas or the Honorable Senator Orrin Hatch, new converts to
the cause of privacy, will become advocates for limiting this invasion.  I
wonder if their records on video rentals are available through Equifax?

Sanford Sherizen, Data Security Systems, Inc., Natick, MA
MCI MAIL:   SSHERIZEN  (396-5782), PHONE:      (508) 655-9888

Risks from legislation (Re: buggy software, Shearer, RISKS-12.49)

Martyn Thomas <>
Wed, 16 Oct 91 10:09:53 +0100 (James B. Shearer)  writes:
>          A real risk is that laws will be passed requiring people to use
> certain crackpot programming methodologies ...

This *is* a real risk. If our profession continues to be irresponsible, and
to use unqualified and untrained staff, undefined processes and poor quality
assurance, for developing critical systems, then legislators will force us
to change. If (when) this happens, I am confident that the legislation will
be far from ideal - but the fault will be ours.

Control of the software industry (was Re: buggy software)

"(Magnus Kempe)" <>
Wed, 16 Oct 1991 18:02:25 +0100
David Parnas <parnas@qusunt.Eng.McMaster.CA> writes:
> As far as I know no one is required by law to buy an electrical appliance.
> Nonetheless, every country that I know requires appliances to meet certain
> minimal standards.

If this is intended to be an argument, then it is a fallacy.  If all
governments in the world practiced censorship of philosophical and political
literature, would that make full-scale censorship a moral goal?  Would that
justify _any_ kind of censorship?

It is certainly true that the software industry is not shackled by
all-encompassing government control, while virtually all other business
activities are.  However, this does _not_ imply that it is morally right to
extend government interference (coercive "standards", "certifications",
"licensing", etc.) to the creation of software --or to any other kind of
productive activity.

Several premises are implicit in the arguments in favor of government control
of business activities--especially when it comes to technical activities (e.g.,
software engineering.)  Here are a few:

1. That pointing a gun at someone, telling him "Think and produce", is
   practical and moral.

In fact, it is neither practical--a mind can not be forced--nor moral--the man
who, alone, initiates force against another is properly considered to be an
evil criminal.  Similarly, 50 million men holding the gun against a single man
are both impractical and immoral.  And 50 million men holding guns against each
other are suicidal and evil, too.

2. That men, left to their own devices, will not create good things;
   therefore, they should be forced to act "in their own interest".

According to _whose_ standard is it in a man's interest to be forced to act
against his own judgment?  It is not a value to be forced to spend one's time,
one's life, in order to have, keep or make something one does not want.

3. That businessmen are evil man-haters, intent on destroying all human
   values; thus they should be presumed guilty unless they prove
   otherwise (e.g., "you will hurt someone with the things you do
   --prove you won't.")

But that is a negation of the purpose of business: the creation and trade of
_values_.  It is also a negation of logic and justice: the onus of proof is on
he who asserts the positive ("you _will_ hurt someone", or, in Parnas's words:
"we _would_ _all_ be worse off for [getting rid of all of these regulations]"
--emphasis mine); it is profoundly unjust to consider a man guilty unless he
should somehow "prove" a negative.

4. That voluntary trade to mutual benefit is bad, and that software is
   systematically "buggy" because software producers are not doing their best.

Of course, proof of _this_ is that the software industry is making _billions_.
If you don't like my software, or if you distrust me, don't buy my products.
If you think you can write better software than I do, go ahead--you are free to
do so.  I am eager to watch as you flood the world with excellent software.
And, pray tell, do _you_ need to be pushed around by the government, with a gun
pointed to your head, in order to write good software?  Why want to coerce your
fellow men, if you have the ability to do everything much better than they do?
Why aren't you already many times richer than, say, Bill Gates?

5. That some people, especially those in government, know everything
   about anything, and should therefore dictate how software must be written.

I trust I am not alone to see the disastrous implications of this idea.

If, in the future, a moral cannibal should attempt to use the government's
power to force me to create software according to _his_ "standards",
"certification requirements", or to impose compulsory "licensing", I will not
submit: I will never produce a single line of code under the threat of a gun.
I do not ask men to live under my threats, nor do I surrender my life, my work,
to their threats.  What kind of man is it, who is ready to submit his free-will
to a gunman?  And what does the gunman expect to achieve--production, or

Check your premises.

Magnus Kempe,

Re: Control of the software industry (was Re: buggy software)

David Parnas <parnas@qusunt.Eng.McMaster.CA>
Wed, 16 Oct 91 13:53:50 EDT
I hope that this discussion is not about to degenerate into the age-old debate
about whether any regulation of industry is needed at all and whether that
regulation should be "brutal", "full-scale", "all-encompassing" "coercive" or
any of the other highly loaded adjectives and rhetorical phrases used by Mr.
Kermpe.  It seems to me that those issues are much more general than the
mandate of RISKS and that Mr.  Kempe's "Red Herring" images of people pointing
guns at programmers are best discussed somewhere else.  The issue that is
relevant to RISKS is whether there is any reason to treat software products
different from those produced by older technologies.

One premise that seems to run through Mr. Kempe's message is that programmes,
like other pieces of text, are artistic creations and should not be "censored"
any more than we censor books, poems, or essays.  As a strong defender of the
right to free speech, I can sympathise with his rejection of any restriction on
our freedom of expression.  However, our creations differ from those of
traditional text producers in that they can be turned into mechanical objects
with all the capability of endangering our fellow humans that other mechanical
products possess.  I am all in favour of allowing people to write, even
publish, any text, but I worry about telling people that that text can be
loaded into a mechanical device and will transform that device into something
safe and usable.  At that point, one must treat the text as one would any other

When I went through Mr Kempe's "declaration of independence" looking for
remarks that were specific to computers I found only,

"4.  ...  that software is systematically "buggy" because software producers
are not doing their best."

While I would not ever put the word "systematically" in front of "buggy", I
think that this statement would be true if one inserted the word "many"
(instead of the implied "all") before "software".  There are many people who,
because of a variety of external pressures are producing a lower quality of
software than they could produce.  In fact, I know many who have told me that
they would like to do better, and could do better, if the market were better
controlled and users were better informed about products.  None of these people
believe that "some people, especially those in government, know everything
about anything, and should therefore dictate how software must be written" but
they do believe that some regulation (e.g.  truth in advertising) would help.
Some believe that cigarette box style warnings would be enough, while others
would prefer inspections and grading.  Most take pride in their work and would
like to make it easier for customers to tell the difference between their
products and those of lesser quality.

Rather than paint frightening pictures of "big brother" censoring our our
outpourings, we should try to examine the ways in which software products
differ from other products and find the appropriate compromise between our
right to produce arbitrary texts and our responsibility to avoid flooding the
world with unreliable products.
                                David L. Parnas

Re: buggy software (Parnas, RISKS-12.50)

Wed, 16 Oct 91 13:50:00 PDT
> We are asking that software be
> treated like other products, produced by registered or licenced engineers

Like all those small appliances you mentioned?

There's no one right answer to the question of how to ensure the safety and
reliability of something as wide-ranging and widespread as software, and I am
concerned that a person of Mr. Parnas' reputation might mistakenly give the
impression that licensing all programmers across the board is feasible, much
less a panacea of some kind.

IMHO, you could make a case for requiring a licensed safety engineer
specializing in software safety to be in charge of development of certain types
of software, such as medical software or control software for large industrial
systems (e.g., nuclear power plants) where the general public welfare depends
on this expertise.  For other types of software, such as computer games or word
processors, it is clear that no safety supervision should be required, since
there is no threat of bodily harm to anyone as the direct result of the use of
this software.  There is probably some intermediate class of software
applications where a UL-like oversight body would be the appropriate answer.

The situation with regard to reliability and fitness is similar.  For example,
the implied warranties of merchantability and fitness which already exist are
probably adequate for computer games, but perhaps there should be special
protections provided to banks who purchase multi-million dollar accounting

Part of the problem IMHO is the use of the generic term "software," which
implies that "it's all the same" in some important sense.  This is less and
less true as time goes on, and I believe that there will soon come a time when
lumping all "software" together in discussions of safety and reliability
regulations is about as common as lumping together cars, household appliances,
and roller coasters under the term "electromechanical devices" in these
                Bart Massey

Re: buggy software (Parnas, RISKS-12.50)

Ernesto Pacas-Skewes <skewes@CAD.MCC.COM>
Wed, 16 Oct 91 16:15:21 CDT
Good common points brought up by Mr. Parnas. I specially support free bug fixes.

   > ...  We are asking that software be
   > treated like other products, produced by registered or licenced engineers, and
   > that software manufacturers be treated like other manufacturers. . . .

The goal is commendable, but I'll take exception on the "registered or
licenced" part. Looking back, registering and licensing are not necessarily
related to being competent and responsible. The only (exaggeration?) things
that registering and licensing are garanteed to produce is income for the
registra(e)r/licenser and job security for registered/licensed elites that are
not necessarily competent or responsible.

Following the line of examples: The last time you went to a licenced (otherwise
unknown to you) professional, were you sure s/he was "good"? Were you sure it was
going to be expensive?

To be sure, I'm not saying that all those who are are, and all of those who
aren't aren't. I'm just saying that registration and license like so many other
things aren't always what they seem.

   > . . .  If cars were as buggy as the software on the market today,
   > the automobile manufacturers would have long ago been sued into bankruptcy.

I wasn't driving at that time, but I'm sure cars WERE as buggy as software IS.
(Besides, several things can prevent bankrupcy, lawyers and lobbying come to mind)

Ernesto Pacas-Skewes     PACASSKEWES@MCC.COM

Re: TRW misreports local taxes

Rob Spray <>
Wed, 16 Oct 1991 16:35:10 GMT
>I heard a radio report (just a headline, really) this morning that TRW will
>provide "free copies" of credit reports to some (of their New England?)
>consumers, in a PR move.

According to Nareen (sp?) at TRW (214/235-1200) the report is slightly
erroneous.  Starting January 1, 1992, TRW will provide consumers with one free
credit report per year. (You currently get a freebie, if you've been denied
credit or employment because of a report, otherwise it's $15).  Apparently,
they've had "a lot" of calls about this!

They need:

Full name
Spouse's first name
Addresses with zip codes for last five years

and a signed request for the info.

Send it to

PO Box 749029
Dallas TX 75374

A recording that explains this (but not the free deal) is on 214/235-5005

--Rob Spray
--your RISKman in Dallas
                           [AND WAIT UNTIL AFTER 1 JAN 92.  PGN]

Please report problems with the web pages to the maintainer