Excerpted from The Japan Times October 7,1993 Osaka- Osaka Prefectural Police suspect control faults caused a train to crash here Tuesday, injuring 178 of the 290 passengers on board. They suspect the driverless train was traveling at about 30 kph when it crashed into a safety buffer at Suminoekoen Station, judging by the number of broken glass panels on the train. The train derailed after smashing into the buffer at the end of the track. Had it passed through the buffer, it would have crashed down on to a major street which was filled with rush-hour traffic. [The train was elevated approximately 20 meters judging from TV pictures. It would have had to crash through both the buffer and a short concrete wall at the end of the track before it could have fallen to the street. HKC] Of the 178 injured passengers, 48 were hospitalized. It was the first time the New Tram has been involved in an accident causing injury since it began running in 1981 The train, which carries about 60,000 passengers each day, makes about two-thirds of its runs without a driver or conductor aboard. Similar computerized transport systems are being introduced in Kobe, Saitama and Yokohama. [A similar train is already in operation near Nagoya. HKC] Malfunctions of the train's two control systems led to the crash, police said. The automatic train operation system, which decelerates the train in four stages when it is within 200 meters of a station, failed, and the automatic train control system, which stops the train in an emergency situation worked inadequately, they said. The control system applied an emergency brake only 45 meters from the safety buffer by using an emergency circuit, police said. Hank Cohen, Concurrent Nippon Corp., Shuwa yanagibashi Bldg. 5F, Yanagibashi 2-19-6, Taito-ku Tokyo 111, Japan Denwa: 03-3864-5714 Fax: 03-3864-0898
WALL STREET JOURNAL (October 7, 1993) - Federal safety investigators said autopilot problems have caused certain Boeing jets to change direction for no apparent reason. The National Transportation Safety Board has asked the Federal Aviation Administration to warn pilots that autopilots on Boeing 757 and 767 airplanes have engaged and disengaged on their own, and to take precautionary measures. The FAA said it would put the matter under "high-priority review." The autopilots of Boeing 757s and 767s are made by Collins Avionics, a division of Rockwell International. Collins officials couldn't be reached to comment.
Excerpted and paraphrased from "la Repubblica" (popular, "independent" Italian morning newspaper), 28 September 1993, p. 54 (quotes, square-bracketed comments and mis-translations of stock market jargon are mine): "The day in Piazza Affari [i.e., the Milano Stock Exchange] was characterised by a curious incident": an operator was ordered to sell 51000 'Generali' shares at 39,500 Lire each; he mistyped the price as 35,000. "The mistake prevented Generali stock from 'opening' and caused turmoil in the market: what calamity was happening in Italy or the world so severe ... to make the price of the best stock in the Italian market drop so quickly? A few moments of panic followed, which caused a further drop of the price to 31,000 Lire. Then the mystery was explained, and Generali closed at 39,991 Lire (+1.18 %) and at the end of the day they were exchanged above 40,000 Lire" As I understand it, the stock market is protected against snowball effects from such mistakes by the fact that authorities can stop the dealing on an item whose price changes too quickly; I wonder whether any of the software used by individual dealers attempts to alert them about seemingly extravagant orders. Lorenzo Strigini, IEI-CNR, Via Santa Maria 46 I-56126 Pisa - Italy tel. +39 50 593495; fax +39 50 554342 E-mail: firstname.lastname@example.org
From The Oregonian (Portland, Oregon), October 7, 1993, by Vince Kohler Epitope Inc. used information subpoenaed from the computer bulletin- board service Prodigy to prepare a $5 million federal lawsuit against a Kidder, Peabody vice president in Kansas City, Mo. Lois Rosenbaum, a lawyer for Epitope, said the company used information from Prodigy Services Co. to track down A. Karl Kipke, who works for Kidder, Peabody in Kansas City, Mo. The lawsuit claims that Kipke used a false name, William Smith, to log onto a Prodigy electronic bulletin board on three occasions in August. Each time, the lawsuit contends, Kipke wrote lengthy commentaries he knew were false and defamatory about Epitope, the company's management practices and its attempts to gain federal approval of an oral device used to detect the AIDS virus. [...] "We certainly believe the price of the stock is lower than it would've been but for these false allegations, Rosenbaum said. "And I think it's clear that the articles were written for the purpose of negatively influencing the price of the stock." [...] Epitope's lawsuit says Kipke and his clients were holders of short positions in Epitope stock. [...] Epitope's lawsuit seeks $5 million in punitive damages from Kipke and alleges defamation, manipulation of security prices, securities fraud and intentional interference with business relations. Rosenbaum acknowledged that the lawsuit's electronic dimension is "a very unusual situation." Submitter note: The omitted sections of text basically say that Kipke was unavailable for comment and explain what holding a "short position" means. -- Tom Hanrahan, email@example.com
The Spring 1993 issue of the journal Representations (orange cover, widely available on newsstands in college towns) is a special issue on the future of libraries, taking as its point of departure the new national library that Francois Mitterand is trying to build in Paris. The whole issue is interesting, but the main Risks-relevant article is by Geoff Nunberg: Geoffrey Nunberg, The place of books in the age of electronic reproduction, Representations 42, 1993, pages 13-37. Nunberg argues (among many other points) that printed newspapers have served to help create what Benedict Anderson called "imagined communities". The idea is that, since everyone in San Diego (say) gets more or less the same version of the San Diego Union-Tribune, readers of the Union-Tribune are aware that everyone else who is reading the paper sees the same articles. Thus they can get a sense of what "everyone knows" about the day's events that help to knit together a coherent concept of the community. Of course in San Diego people read the LA Times and the NY Times as well, and many people get all their news from TV. The point is that people get their news from only a small number of sources that are the same everywhere, and these provide a way of imagining what "we" know, think, read, have opinions about, and so forth. In the age of electronic distribution of information, though, it's quite possible for everyone to get customized information which is filtered down in various ways and then assembled from a patchwork of different sources. The result might be greater difficulty in imagining communities, as opposed to imagining professions or other specialized interest groups that would tend to steer toward the same information sources. The same issue contains an article on the future of copyright: Jane C. Ginsburg, Copyright without walls?: Speculations on literary property in the library of the future, Representations 42, 1993, pages 53-73. Phil Agre, UCSD
The current Harvard Business Review contains an article telling business people how to use massive databases of personal information in their marketing. Although generally somewhat weak, it does include some special moments, like the observation that most businesses can't yet afford enough disks to store tens of millions of bytes (including, for example, purchase histories) on tens of millions of customers. The most useful bit is a sidebar on pages 154-155 explaining that privacy restrictions on uses of personal information only hurt small businesses, since the big ones can afford the added costs they induce. This lame argument is a good example of the current big fashion in lobbying, "showing how it hurts the little guy". The reference is: Jim Bessen, Riding the information wave, Harvard Business Review 71(5), September-October 1993, pages 150-160. The same issue includes an equally vague article on enterprise integration. The good news is that a really interesting new book on personal information has appeared: Oscar H. Gandy, Jr., The Panoptic Sort: A Political Economy of Personal Information, Boulder: Westview Press, 1993. It's helpful to consider the book at three separate levels: (1) It includes an impressive catalog of phenomena related to personal information. Most of these will be familiar from Risks, but here they're all collected in one place with references. It also includes a remarkable survey of the relevant critical literature, for a total of about 700 useful footnotes. (2) It also includes some empirical studies, some of which I found more useful than others. The best by far is a study of the conditions under which people become concerned about threats to privacy from the collection of personal information. It has all the limitations of survey and focus group based research, but it's an important starting point. (3) Finally, it attempts to develop a theory of the political economy of personal information. It is a pessimistic theory, laying out the forces that tend to cause personal information to be collected and centralized. As such, this theory will not please conservatives, with their faith in markets, or progressive activists, with their faith in people's capacity to resist oppression. But hey, maybe he's right. Phil Agre, UCSD
How ironic. In the October 1993 issue of CACM, the "Inside RISKS" column contains a long litany of computer systems which were proposed as new and better alternatives to existing systems, but rarely were completed "on time, within budget, and up to spec." In the same issue, the "Newstrack" column reports on the recent announcement of plans to build an IBM supercomputer with 512 processors at Cornell. New York Governor Mario Cuomo comments, "I really don't understand it, but I know it means change; and from change comes strength." Perhaps — but as "Inside RISKS" demonstrates this month, change which is not carefully planned and carefully executed may bring weakness, too. The attitude that "if I do it on a computer, it's better, and if it's on a bigger computer, it's better yet" still seems far too prominent.
The "Rich Bastard" bank mailing list blooper (RISKS-14.89) was also posted to alt.folklore.computes, where it spawned a thread on incorrect transformations of personal and other names in mailing lists. The following are collected from articles by John Miller, John Switzer, Jeff Hibbard, Jay Maynard, Joel Sumner, Jeff DelPapa, Hugh JE Davies, Terry Kennedy, Jake Richter, Kevin Stevens, Scott Telford, and Brad Heintz. Remarks in ["..."] are from the above people and not me. Georgia-Pacific Corporation -> Georgia P. Corporati -> Dear Ms. Corporati ["So how long have you been an Italian transvestite and how did the bank find out about it?"] Bradley University -> Mrs. Bradley Un, IV -> Dear Mrs. Un James R. Maynard III -> Mr. Iii [but in the same software...] James R. Maynard, III [but "I've always signed my name without the comma"] -> Mr. Maynard Lambda Chi Alpha -> Alpha, Lambda C. Undergraduate Lounge -> Dear Mr. Ung Lounge, -> Just think what the neighbors will think when they see you and the other members of the Lounge family riding around the neighborhood in your new Cadillac. ... Lord xxxx -> Dear Mr. Lord St. Peter's College -> Saint Peter S. College -> Dear Saint College ["It's amazing that they actually parse for a salutation of 'Saint'. How many of those are still receiving mail?"] Citibank -> Pending Deletion, Citibank Department of Computer Science -> Dear Mr. Science, Nuclear Physics Department -> Dear Mr. Nuclear [The recipient "put it on his door, thus buying himself an instant nickname."] And finally ["I had been sharing a house rental for several months, a few years back, when we received a dunning notice from a collection agency. ... Took a bit of the pace off that it was personalized to 'Resident', though."] Mark Brader, Toronto utzoo!sq!msb firstname.lastname@example.org [PGN adds that the RISKS archives include bunch of others that could be included in this list, the most amusing of which were probably these: Friedman Wedd etal -> Etalfried Wedd [a letter offered the recipient a pre-approved loan for $750. A follow-up spoof story given in RISKS-10.16 had "Etalfried" complaining about the paltriness of the amount, and being offered an unsecured cash loan for $250,000!] Mail sent to Switzerland -> wound up routed to Switzerla ND (North Dakota). ]
The University of Michigan annually holds a "Computer Kickoff Sale", an opportunity for students to buy personal computer systems through UM for reduced prices. This year, a few students got an added bonus: a virus. Four hundred Macintosh systems sold on the first day of the sale had the nVIR virus included on the standard distribution disks prepared by the Information Technology Division (ITD). The source of the virus is currently unknown. "We're still investigating where the virus may have come from ... We don't know if it's the duplicating company that we used, it's a possibility. It's a possibility that even though our master disks here were scanned for viruses before it went out to the duplicator, it could have been infected here," said Phil Harding, manager of the sales program. The standard distribution disks include a copy of Disinfectant, a Macintosh anti-viral program, which can be used to remove the nVIR virus. ITD warned new users about the possibility of viral infection even before this problem came to light. ITD has removed the virus from all remaining distribution disks and will replace any old distribution disks free of charge. Ryan Goble, a first year student who bought a Macintosh through the sale, commented, "I assumed everything would be sterile because the disk came in a plastic bag." Harding again: "Next year we'll have tighter controls and testing. I'm assuming responsibility for this because it was under my jurisdiction. We just have to do tighter testing once the disks come back from the duplicator." Later: "It's a bad situation, but we're trying to make the best of it. I'm sure this incident will make people more aware of viruses and to get the right applications to eradicate and prevent them from occurring." [Source: cover story in _The_Michigan_Daily_, UM campus student newspaper, 7 Oct 1993.]
David Jones in Montreal asked about a report that Bank of America fired an employee after snooping in his e-mail and discovering that he worked as a male stripper at night. It is true that Bank of America fired the man, Michael Thomasson of San Francisco after it discovered his moonlighting, but they discovered it by going through his desk, not his e-mail. This case and 500 other invasions of privacy are written up in WAR STORIES, a collection published by Privacy Journal and selling fo r $17.50. Call 401/274-7861 or write MCI Mail, rsmith 510-1719, or PO Box 28577 Providence RI 02908. While we are at it, Privacy Journal also publishes a special report on uses and abuses of Social Security numbers, including the current laws covering the use of SSNs. It sells for $15. Robert Ellis Smith Publisher, Privacy Journal
Forgeries of resignations and the like are the norm during the novelty phase of a service. Of course many people will treat it as a very serious crime. My concern is more with the issue of closed loop vs open loop mechanisms. There will always be some imperfections in the system that people will exploit on purpose or by accident. While we can string offenders up by the thumbs, accidents will still happen. For example, one needs to send a quick message and uses the nearest terminal forgetting that it will be from the currently logged in user. People need to remember that reality checking is a key part of any system be it technical or social. If one receives an unexpected letter of resignation, one should check it out instead of playing the role of a droid and just following through. There will still be the serious crimes in which one sets the stage so the letter seems real, but casual pranks should have bounded repercussions. Of course, if people verified, we'd lose too many book and movie plots. In a world where legal communication is via Fax the problem is not just "computer" fraud but one of assuring a degree of trust. I do recall a store where some students at MIT submitted an order for a 747 from Boeing. They got a call asking where to deliver it... The report on the error in radiation dosage also emphasis the open-loop phenomena. Why doesn't a life critical system meter the actual dosage given instead of assuming that everything is working perfectly. Then there was the BART Train that couldn't determine it was going at 40mph when it thought it was stopped.
>It's a sad state of affairs when the FBI investigates a college prank but >doesn't investigate murder and rape running rampant through the nation. On the other hand, the FBI is only chartered to investigate certain categories of crimes. In particular, they can only initiate action on violations of *federal* laws, or assist in state or local actions *on invitation only*. Now, if a "college prank" involves the violation of one of the federal statutes regarding electronic activity, they can take action. Murder and rape are state actions and handled at the state level (hint - read the papers about ongoing trials, and see if they are being held in the state court system, or in the local Federal Circuit courts). The legal basis for this setup goes back to the Constitution and the delegation of powers to the federal and state governments. Does anybody have a reference to which federal statutes the FBI used as a basis for the investigation? ObRisk: Do we, as a nation, *want* the FBI sticking its nose into every murder and robbery case? I'm sure there's a Big Brother problem lurking there.. Valdis Kletnieks, Computer Systems Engineer, Virginia Tech
When an application runs with more than one privilege state, care should be taken to isolate the privileged portion from the untrusted code. This is well done with ring protection schemes: Address space is organized in "rings", from the inner kernel (lowest ring number, highest privilege) to the unprivileged application (highest ring number, lowest privilege). A program can only CALL routines of same or HIGHER level of privilege. A routine of lower privilege is considered untrustable: You call the operating system, don't expect it to call you. Hardware enforces that the routines are called only at special entry points called "GATES". When a routine executes in a more privileged state, it's address space and stack is isolated from access by less privileged routines by being placed in another ring space. A program can ACCESS data of same or LOWER privilege. Of course, a privileged program should not really trust what lies (pun intended ;-) ) in less privileged spaces. Some routines can conform to the ring of the caller. For example a well debugged string manipulation routine is very trustable and can be used by the operating system as well as the application, but should not be granted increased privilege when running. Code has three ring attributes: a) Least privileged ring where it can execute. The code is not accessible from programs which lack this access level. b) Least privilege granted. If this value differs from the first one, the routine is said to be "GATED", and can execute with a higher privilege than the caller. If the caller uses the routine at a privilege level equal or higher, then the execution ring do not change. c) Most privileged ring where it can execute (ie: Trust level) The routine is untrustworthy of usage by a more privileged application. In ring numbers, the relation a >= b >= c is always true. Data has two ring attributes: - Read attribute: Least privilege needed to read the information. - Write attribute: Least privilege needed to write it. The write ring level is always lower or equal than the read level (same or higher privilege) Files possess ring attributes. In such a system, the password file could be world readable and writable, but in rings which normal users cannot normally access. The separation of address spaces ease the debugging of system problems: When data integrity is compromised in an address space, the lower-privileged routines and programs are not likely causes for the problem, unless the address spaces manager is itself in error in some way. Of course, there are drawbacks. The over-utilisation of ring mechanisms augment context switches (which are costly), and the processor needs more registers to manage the rings. The only operating system I know that uses this protection scheme fully is NOS/VE.[*] I know that the 80x86 (x > 1) have a built-in ring mechanism and that OS/2 uses it to some point, but I do not know of any UNIX system that uses rings. A network implementation using this scheme could be interesting, but hardware address space separation should be replaced by cryptographic certificates. A client-server implementation would be slow compared to the hardware solution, but it would be more portable. Yves Royer, Universite du Quebec a Trois-Rivieres (819) 376-5100 Yves_Royer@UQTR.UQuebec.CA [Never heard of Multics, eh? Well, that was almost 30 years ago. ... PGN]
Readers concerned with ethical issues in computing might be interested in the article: Is There an Ethics of Computing? by Geoffrey Brown in the J. of Applied Philosophy 8(1), 1991. Peter Ladkin
Paul Smee asked if the radiation machine operator forgot to RTFM — apparently the hospital didn't receive the manual until several YEARS after they started using the machine! David Crooke, Department of Computer Science, University of Edinburgh JCMB Rm 3310, King's Bldgs, W Mains Rd., Edinburgh EH9 3JZ. 031 650 6013
What kind of testing did they do? I would hope that testing this device would include a test to make sure it was calibrated. That if the machine is supposed to operate at so many roentgens for so many seconds, that it actually does so! This would not be a built-in-test, but would involve an external, precalibrated measuring instrument. Let's get real, when I buy bananas and gas, those scales are required to be inspected in such a manner! I would have hoped that this test would have been performed: By the manufacturer: o after every relevant hardware or software change o on each machine before it is shipped At the clinic: o upon delivery and acceptance of the machine by the radiologists o whenever maintenance is performed o at periodic intervals (annually, quarterly?) Who built this, the same dolts who tested the Hubble mirror? Dare I suggest some official body regulate such devices, or would that be an example of government over regulation of private industry? Jerry Bakin.
Yes, but regulation is not enough. You must have seen the item in RISKS about the gas station that had Trojan horsed its computer and was systematically charging for gas that had never been pumped. PGN
You're right. But regulation would raise the issue, and create paper trails to show some compliance. There's not much motive to charge for radiation that hasn't been pumped, although I guess that IS exactly what had been occurring. My hope is that was unintentional in the cancer treatment case. :) Jerry.
Please report problems with the web pages to the maintainer