Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
While I was in the air back to SFO from Washington yesterday morning, the Oakland CA en-route traffic control in Fremont had a major snafu, seriously snarling West-coast and Pacific Ocean air traffic from 8:40am PDT, for two hours. Outgoing flights were delayed more than incoming flights. The backup system requires manual handshaking where otherwise the system would handle handoffs automatically, so there was some element of risk involved. However, the outage of the one center did not directly impact safety. Required separations between planes were increased to 20 miles for landings and departures, instead of 3 miles, and the net effect was a return to leisurely pace of the 1950s. The cause of the failure is not yet known, although it was thought to be a software problem. [Some details can be found in, Traffic Control Center Failure Snarls Airline Flights, By Jack Viets, San Francisco Chronicle, 9 April 1992, front page]
The Army acknowledged on 7 April 1992 that its glowing claims of success were based on faulty data and indicated it is now certain that the missile ``killed'' roughly 10 Iraqi Scud warheads out of more than 80 fired at Israel and Saudi Arabia, although the actual number could be greater. [Source: A front-page article by George Lardner in the Washington Post, Army Cuts Claims of Patriot Success: Reduced Figures on Missile's Precision During Gulf War Are Issued, 8 Apr 1992.] Also, see the earlier item on MIT Professor Theodore A. Postol's article and its aftermath, discussed in RISKS-13.32. Postol was on Fox TV early on the morning of the 7th, prior to the Army briefing, discussing the Patriots. He suggested that 10% was much closer than the 80% previously claimed, and that is actually conceivable that NO direct kills were actually achieved!]
In Risks 13.34, an article describing an alleged remote backup service, began: > Date: Thu, 2 Apr 1992 11:07:48 PST > From: Robert_Ebert.OsBU_North@xerox.com > Subject: Backup over the phones? > Excerpted from TidBITS#114/01-Apr-92, source: BackData, info@backdata.com The article mentioned some of the obvious risks involved and subsequent issues of Risks contained follow-up articles. However, in TidBITS#115, the author mentioned that TidBITS#114 was the April Fools issue and all of the content was fictional. Not getting an April Fools joke might be more of a risk in on-line documents because often they are not read until some time after the first of April. (Of course there can be a similar problem with hard copy media - I get several magazines whose April issue arrives in late February or early March.) David Tarabar (dtarabar@hstbme.mit.edu)
RISKS-13.34 (Friday 3 April 1992) carried a submission from me forwarded from
TidBITS#114/01-Apr-92 about Backing up Macs and PC's over the phone.
TidBITS#115/06-Apr-92 carried the following notice:
To quote from the excellent movie "Spinal Tap," "it's a fine line
between clever and stupid." I may have fallen off that fine line
in writing TidBITS#114, because despite a few clues and hints, the
fact that it was indeed our annual April Fools issue appears to
have gone generally unnoticed. Almost everything in that issue was
false - though often entirely possible and even intensely
desirable - with the exception of the IBM marketing move (which
was strange enough to be an April Fools joke), and the Dolch
projection panel (which I used to make the last article more
believable). Sorry folks, if I threw you for a loop.
So, there you have it. I don't consider myself to be terribly gullible, but I
was taken in. [I didn't have this problem with any other April jokes... I
don't think. But then, most of the ones I got were substantially more
obviously jokes than this. Xerox is *not* going to lease it's newly acquired
buildings in Palo Alto to the Mariott hotel chain, and an "Amusement park for
Silicon Valley geeks" requiring "magnetic badges built into pocket protectors"
is *not* going to be opened on the neighboring land at Page Mill & Foothills.]
In any case, apologies all around for spreading what turned out to be false
information. The backup scheme described seems entirely plausible, and even
lucrative. Looking over the rest of the TidBITS digest, I suppose there are
clues to be had... in retrospect. In comparison to the rest of the silliness
that the rest of the net goes through every April, TidBITS was the height of
subtlety. Ah, well, whatever it takes to relieve those tax-time blues, I
suppose.
The IBM marketing move (from TidBITS#114/01-Apr-92):
Ralph Amundesen wrote with some interesting information about IBM.
Evidently, IBM is so worried about OS/2 that the company has
expanded its battalion of salesbots by drafting the entire
company. I don't know if this will go as far as dark-suited IBM
folks out pounding the pavement ("Excuse me, Ma'am, may I come in
and demonstrate what OS/2 2.0 can do for you today?"), but all
344,000 employees are in it for fun and prizes. It's a step up
from grade school, but IBM employees could win medals, IBM
software, IBM hardware, or even cold hard cash. I sure hope they
don't stop in here since I don't have 30 MB free under SoftPC to
test it. Sheesh, wouldn't you think it would be easier to just buy
a few TV spots like Microsoft is doing?
The Dolch projection panel (from TidBITS#114/01-Apr-92):
Interestingly, Dolch Computer Systems just released a color LCD
projection panel that can double as a stand-alone screen for a
mere $8500.
--Bob (bebert.osbu_north@xerox.com)
We experienced a shattering computer error during a German election this past
Sunday (5 April). The elections to the parliament for the state of Schleswig-
Holstein were affected.
German elections are quite complicated to calculate. First, there is the 5%
clause: no party with less than 5% of the vote may be seated in parliament.
All the votes for this party are lost. Seats are distributed by direct vote
and by list. All persons winning a precinct vote (i.e. having more votes than
any other candidate in the precinct) are seated. Then a complicated system
(often D'Hondt, now they have newer systems) is invoked that seats persons from
the party lists according to the proportion of the votes for each party. Often
quite a number of extra seats (and office space and salaries) are necessary so
that the seat distribution reflects the vote percentages each party got.
On Sunday the votes were being counted, and it looked like the Green party was
hanging on by their teeth to a vote percentage of exactly 5%. This meant that
the Social Democrats (SPD) could not have anyone from their list seated, which
was most unfortunate, as the candidate for minister president was number one on
the list, and the SPD won all precincts: no extra seats needed.
After midnight (and after the election results were published) someone discovered
that the Greens actually only had 4,97% of the vote. The program that prints out
the percentages only uses one place after the decimal, and had *rounded the
count up* to 5%! This software had been used for *years*, and no one had thought
to turn off the rounding at this very critical (and IMHO very undemocratic) region!
So 4,97% of the votes were thrown away, the seats were recalculated, the SPD got
to seat one person from the list, and now have a one seat majority in the parliament.
And the newspapers are clucking about the "computers" making such a mistake.
Debora Weber-Wulff, Institut fuer Informatik, Nestorstr. 8-9,
D-W-1000 Berlin 31 dww@inf.fu-berlin.de +49 30 89691 124
Defense Loses Bid to Present Animated Videotape Depicting Baton Blow By Linda Deutsch, Associated Press Writer Simi Valley, Calif. (AP) The judge in the trial of four officers accused of beating a motorist refused Tuesday to let jurors see an expert witness's animated videotape recreating the first baton blow. Superior Court Judge Stanley Weisberg said he wasn't convinced that the tape, created by a biomechanical engineer with the help of a computer program, was scientifically reliable. ``It would lead the jury to think it must be accurate ... that it's true because the computer shows it,'' Weisberg said. ``Just because it's sold in software stores doesn't make it reliable.'' However, the judge said the witness, biomechanical engineer Carley Ward, could testify on the limited issue of how much force is produced when a baton strikes a human head and how much damage would be done. Officers Theodore Briseno, 39, Laurence Powell, 29, Timothy Wind, 31, and Sgt. Stacey Koon, 41, are on trial in the March 3, 1991 beating of Rodney King. A bystander's videotape of the beating led to a nationwide furor over police brutality and inflamed racial tensions in Los Angeles. King is black, the officers are white. Ms. Ward testified outside the jury's presence that Powell, in a test conducted by her, exerted 1,500 pounds of pressure when swinging a baton in a ``full power swing.'' Prosecution witnesses have said he struck King's head in such a manner. If King was struck with that force, Ms. Ward said, she would have expected more injury than the broken facial bones he suffered. She said her experiments striking the heads of cadavers at such velocity produced brain injuries. Michael Stone, Powell's lawyer, said he would need time to determine if he wanted to call Ms. Ward, given the limitations imposed by Weisberg.
In RISKS-13.34 various people wrote about cryptography. The following shows how it already used by terrorists. On Saturday 4th April the British newspaper the Guardian reported that all the leaders of the Basque separatist organisation ETA had been captured in a police raid in France. (ETA is a terrorist organisation in Basque, Spain which want independence from Spain. They have killed many over the last 10 years.) The leaders must have found out several minutes before the raid, as they tried to find matches to burn documents they had in their possession. Failing, they torn them up and flushed them down the toilet instead. (It is not stated whether the police recovered them.) The interesting part however, is that the police captured a computer (PC or laptop) from the ETA some time ago (more than 18 months if I remember correctly) but they have, to date, not been able break the code which was used to decrypt all the information. I suppose this must be a worst case scenario for intelligence organisations such as the police etc. Kees Goossens, LFCS, Dept. of Computer Science JANET: kgg@uk.ac.ed.dcs University of Edinburgh, Scotland UUCP: ..!mcsun!ukc!dcs!kgg
The US policy on export of crypto, while silly, is not quite as silly as Fred
thinks. He thinks that it is silly to discourage export of pure information in
one form while tolerating it in another. In fact, that is not quite true.
While once embargoed, (indeed NSA asserted that mere discussions of crypto were
"born classified") publication of cryptographic information is sufficiently
like protected speech for its prohibition to raise constitutional issues. (You
and I would likely agree that the law should not distinguish between the media
of publication.) However, this is not the only reason that print publication
is tolerated.
The government tolerates "publication" of crypto in hardware encapsulation
because replication is very difficult. Likewise, the same information on paper
appears to them to be safer than on machine readable media. While information
printed on paper can be readily copied, the procedure must be in machine
readable form before it can be used. While, as Dr. Cohen suggests, one can
scan information from paper into a computer, the government sees this as
undesirable but tolerable. This is only one of the silly parts of this policy.
Nonetheless, any use of crypto has the potential to increase the cost of
intelligence gathering, and less important, reduce the effectiveness of law
enforcement. While the government understands that it will not be completely
successful, it believes that it has a responsibility to resist whenever and
wherever it can.
History tells us that intelligence gathering is expensive in any case. It also
tells us that we are better at gathering it than we are at using it.
Nonetheless, it is a dangerous world. If you believe, with the government that
cheap intelligence gathering is a high value, support the government policy.
The Director would have you believe that mere use of ISDN, much less secret
codes, is inhibiting the ability of the government to enforce the laws against
terrorism, drugs, and organized crime. If you believe that the use of
commercial crypto by criminals is wide-spread, if you believe that law
enforcement should be cheap and easy, and if you believe that law and order are
values that are superior to individual freedom and privacy, then support the
government policy. Otherwise, resist it.
If you believe that international electronically mediated trade and commerce
require codes that both parties can trust, then you may wish to join FBC in
resisting this silly policy. If you believe that international trade and
commerce are more important than efficient intelligence gathering, then to the
extent that you believe that, you have an obligation to resist.
William Hugh Murray, 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
203 966 4769, WHMurray at DOCKMASTER.NCSC.MIL
FBCohen@DOCKMASTER.NCSC.MIL has posted comprehensive criticisms of US policy
regarding export of cryptosystems. In a word or two, he shows how absurd it is
that an American could develop a cryptosystem abroad and both sell it both
abroad and import it to the US without violating US export laws.
Surely spooks from NSA, FBI, CIA, Commerce, and others (Oops, does Commerce
have spooks? It wouldn't surprise me) read Risks-Digest. Why, then don't we
have an authoritative, or at least an informed rebuttal to his postings? Is
this, after all, a partisan political decision that has not been made on the
bases of what's best for US competitiveness but but rather of what best
fulfills some hidden agenda?
C'mon, someone, speak up!
_Brint
The 23 March 1992 issue of Aviation Week focused on automated cockpits with 9 articles on the subject. Very interesting reading. The most interesting quotes were in the article "Pilots, Human Factors Specialists Urge Better Man-Machine Cockpit Interface". Near the end of the piece, Anthony J. Broderick, associate FAA administrator of regulation and certification is quoted several times. Quoting AW&ST: Although there are "no real, fundamental changes needed" to certify advanced hardware and software under development by major airframe manufactures, there is a need "to develop procedures that will establish certification standards for a level of safety" when using such systems, he said. .... The agency's [FAA] experience base, in addition to rules established by the RTCA -- formerly know as the Radio Technical Commission for Aeronautics — that governs design standards for software and hardware used in automation equipment, provides an acceptable means to certifying systems as they are developed, according to Broderick. Glad to know we don't need to worry about this anymore! John Theus john@theus.rain.com TheUs Group
>From _The Cincinnati Enquirer_, date missing from my copy:
A judge's distaste for clutter is pushing Cincinnati's federal
court into the high-tech world.
When a securities case comes to trial soon in the courtroom
of federal district Judge Carl Rubin, reams of exhibits will be
computerized and displayed on eight computer monitors.
...
The alternative is rows of cumbersome file cabinets lining
the walnut-paneled walls of his courtroom for weeks on end.
"And I hate that," he said.
...
With the push of a few buttons, the courtroom deputy can
display the exhibits on three color monitors in front of the
jury box, and on screens stationed before the judge's bench,
witness stand and lawyers' tables and podium.
...
Computerization also may cut down on trial time because
lawyers can change exhibits without carting posters and
papers around the courtroom.
[The newspaper photo shows a monitor displaying the front and back
of a bank check, signatures and all. "I saw it on the computer,
so it had to be real...."]
Chap Flack chap@art-sy.detroit.mi.us
There is an academic cheating brouhaha this semester at the university where I
work which is brimming over with computer risks. I am not privy to the details
of the case, but here is a summary from the published accounts.
This university has an Honor Code governing student cheating which is a source
of much school pride. Students agree not to give or receive aid on schoolwork
and as a result the university can function without the burden of proctored
exams. Alleged violations of the Honor Code are taken before the Honor
Council, an elected student body which has the authority to dole out
substantial punishments. Honor Council cases are publicized in the form of
anonymous abstracts which mask the identities of all parties.
Enter the computer: Earlier this semester, two students were accused of
colluding on a homework assignment which was done and handed in via one of the
university's academic computer networks. Their TA noticed that portions of the
two students' homework were identical, down to the initials of one of the
students. Network officials were asked to examine backup tapes for the period
of time in question and produced evidence which supported the theory that
"Student B" had sent homework to "Student A" by electronic mail immediately
before Student A turned it in. The students argued that they were innocent and
were the victims of a frame-up by an unknown "User X" who they alleged had
gained access to their accounts. The Honor Council refused to accept the "User
X" theory and convicted both students. Student B's conviction was later
overturned partly on the basis of further evidence supplied by network
officials which suggested that Student A committed the acts of cheating alone
by logging in to Student B's account.
Although officially the case is closed, it is the subject of much heated debate
in the student newspaper and local Usenet newsgroups at the university. Both
students continue to maintain their innocence and their supporters have rallied
around the slogan "Free Student A".
Computer risks seem to surround this case on all sides. A few which
come to mind:
-- The risk of cheating by computer in the first place. While academic
cheating is as old as academia, the computer can make it, like so many other
things, easier than ever before.
-- The risk of frame-ups. While the Honor Council appears to be satisfied that
the computer evidence substantiates real cheating in this case, it is clear
that a person with access to one or more users' accounts could at least cause
them a major nuisance and possibly succeed in framing them of cheating. With
the penalties involved going as high as academic suspension from a school which
costs thousands of dollars per semester, this is no light matter.
-- The complexity of evidence in cases of computer cheating. Honor council
members were quoted in the student paper as complaining about the new and
bewildering kinds of evidence they are asked to consider in computer cheating
cases, and critics of the Honor Council have complained about the dangers of
being judged by people who are not users of the systems involved and don't
thoroughly understand them.
-- The burden on system administrators. The network official who provided the
bulk of the evidence estimated that he spent a full week gathering and
analyzing it. Since the case came up, the local academic network has extended
the period of time it keeps daily backups before recycling them. How much data
is it reasonable to keep, and to pore over, in order to provide evidence in
cases like this? I don't know of a way to determine a firm answer.
-- The danger to trust and to openness. Both the university's Honor Code and
the tradition of open exchange of information within the computing community
are threatened by cases like this. Must students be kept in a "padded shell"
to prevent computerized cheating?
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") priddle@hounix.org
In RISKS-13.34, a new PBS series on computers was mentioned. These 5 programmes have already aired some weeks ago on the BBC in the UK. I have seen all 5 and regard them as excellent. Their coverage of the historical material was the most accurate and even handed I have ever seen. Their coverage of risks issues is also exemplary. I could seriously use them in undergraduate teaching and did not regard them in any way as "technopulp" for the masses. There is the probability that some of the programmes are "tailored" to the home audience. I have experienced this before with other WGBH/BBC co-productions. This highlights some interesting assumptions often made with regard to TV programmes. If the programmes are in our field we assume them to be "technology for the masses", whereas the masses, having seen it on TV assume the fact presented in the program to be true. Further, if the programme is aired around the globe, or around the nation from more than one TV station we assume everyone shares the same programme we do. Do they tell the people in Cambridge (either one) that they invented the computer and at the same time tell someone in another time zone that it was invented by a little old lady from Novosibirsk? Are we being manipulated by global telecasting on an Orwellian scale? Who can tell? Not easy is it. Brian Tompsett, University of Hull, UK.
>Perhaps it is risky not to see how our
>industry is being popularized for the mass media.
Perhaps, but I've seen three out of the five programmes and was quite
impressed with the factual accuracy.
>Another risk: the title of the series is the same as that of a recent book
>about the _auto_.
Erm, the Americans must be using a different name. Over here the TV series was
called "The Dream Machine."
Nick.
> The answer that I would propose for consideration is that the great > nightmare of science fiction, an authoritative official database, may be in > fact the only way to protect ourselves from all the little brothers spreading > information about us. I disagree with this, or rather, think it should be an extremely last resort. I think promulgation of inaccurate information should be legally treated as a form of libel, with legal recourse for those who do it. Currently I understand that there is very little legal recourse for someone who suffers from inaccurate information in this manner, and so little incentive to eliminate it. -Fred Gilham gilham@csl.sri.com
Has anyone heard of or have evidence of a failure in a safety-related or other critical or security system where the developers claim they "did it right", e.g. they used good software engineering practices during development and had a good SQA program, and in particular, where they have identified common-mode failures in N-way redundant systems in hardware or software? Lin Zucconi zucconi@llnl.gov
Lin, You might look at the following paper:
* Peter G. Neumann. The Computer-Related Risk of the Year: Weak Links and
Correlated Events. Proceedings of COMPASS '91. IEEE 91CH3033-8, pp.5-8.
This paper notes the 1980 ARPANET collapse, the 1990 AT&T long-distance
collapse, and a bunch of telephone system outages, and considers seemingly
weak-link failures that actually arose because of multiple-fault modes.
It also notes the some further references that might be useful to you.
- S.S. Brilliant, J.C. Knight, N.G. Leveson. Analysis of Faults in an
N-Version Software Experiment. IEEE Trans. on Software Engineering,
Feb 1990, pp.238-247.
- J.E. Brunelle and D.E. Eckhardt. Fault-Tolerant Software: Experiment
with the SIFT Operating System. AIAA Computers in Aerospace V
Conference, October, 1985, pp.355-360.
- R.I. Cook. Reflections on a telephone cable severed near Chicago. SEN,
16, 1, pp.14-16.
- J. DeTreville. A Cautionary Tale. SEN, 16, 2, Apr 1990.
and look through the RISKS and Software Engineering Notes archives (index in
Jan 1992). I imagine some of our readers will also send you further
references, with CC: to RISKS, please.
Please report problems with the web pages to the maintainer