The RISKS Digest
Volume 18 Issue 28

Thursday, 1st August 1996

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Johannesburg Stock Exchange Computer Fails, Again
Scott Hazelhurst
Static Klingons and Dynamic Cash
Peter Wayner
Sweden will not set limits for electric and magnetic fields
Martin Minow
Cleaning person inadvertently kills patients
Archie Russel via Michael D. Crawford
DMV security code breached at hospital in New Haven
Ed Fischer
Risks of Using VISA Cash in Atlanta
Heather Hinton
Computer systems and the Olympic Games
Jose Reynaldo A. Setti
Esoteric Encryption Risks
Russ Broomell
More on the Ariane-5 Disaster
Jan-Peter Munk
Re: Western power outages
Mark Stalzer
Paul Green
Re: the complexity of everyday life
Scot E. Wilcoxon
Bryan O'Sullivan
Info on RISKS (comp.risks)

Johannesburg Stock Exchange Computer Fails, Again

Scott Hazelhurst <>
Wed, 24 Jul 1996 14:52:07 GMT
On 22 Jul 1996, the Johannesburg Stock Exchange's automated trading system,
JET, failed for the second time this month (*) (Source: *Johannesburg's
Business Day* newspaper of 23 July). Fully automated trading only started on
10 June.

After only forty minutes trading, the system failed as did the backup
system, and did not come up again that day. Only R56m worth of trade was
done, versus the average daily trade of R400m (R4.4 = US$1).

Brokers complained of three negative consequences of this:

- the loss of margins on trade (although that would be partially
  offset by greater trades the next day)

- leaving many positions open for extended periods at a time of
  great stock market volatility both nationally and internationally

- loss of foreign investment confidence in the JSE (**)

*Business Day* of 24 Jul 1996 quoted the president of the JSE as saying that
problems had been fixed and that there were no problems in trade on the
23rd. He described the error as an "an obscure network bug in the special
coding written for the decentralised SA network".(***)


*  The first failure, on 1 July, was attributed to "human error".

** The article said that the system was supplied by the Chicago Stock
   Exchange, and that it had been fixed by "technicians from the
   Chicago Stock Exchange". I would have thought that this would
   cause investors to worry more about the Chicago Stock Exchange.

*** I wonder what a non-obscure bug would be, if an
    obscure one stops trading on a  large stock exchange
    (13th by market capitalisation, I believe) for almost a full day.

Hopefully all of this will help our Dependable Computing group raise funds
from industry.

Scott Hazelhurst, Dept. of Computer Science, University of the Witwatersrand,
Johannesburg, 2050 Wits, South Africa   +27 11 716-3806

Static Klingons and Dynamic Cash

Peter Wayner <>
Wed, 24 Jul 1996 18:34:35 -0400
Devoted and casual RISKS readers will both want to dig up the 24 Jul 1996
edition of the *Wall Street Journal*, which has two very important stories
on the front page. The first is a followup to the digital cash heist where
about one half a billion dollars disappeared through counterfeit cards used
in Japanese Pachinko parlors. The story notes that the idea to use cards
could be traced to a CIA briefing that suggested that the North Korean
government was building nuclear weapons with money laundered through
pachinko parlors controlled by Koreans living in Japan.  The cards were
supposed to bring accountability and traceability. Instead billions of yen
disappeared. The article leaves the impression that the money ended up in
Korea, although no one can really be sure of anything except that it is gone
from the balance sheets of the corporations that developed the cards.

The second article describes how static electricity is beginning to be a
real problem. The opening image comes from a room where the votes on a new
tax levy were being tallied by computer. The first run of the computer
showed the new tax being rejected by the voters. OOOPS. A bit of anti-static
magic fluid was spread around the computer and the second run showed the new
tax passing much to the relief of the people in power. The article goes on
to say other interesting things about static, leaving RISKS readers hanging:
How do they *know*a which is the correct count?  I bet I can guess which
choice ended up being official.

Sweden will not set limits for electric and magnetic fields

Martin Minow <>
Tue, 23 Jul 1996 23:01:36 -0700
An article in the Swedish newspaper, *Svenska Dagbladet* (23 Jul 1996, by Annika Carlsson notes
that Sweden will not establish limits for electrical and magnetic fields.
Instead, the government has agreed on a "policy of watchfulness"
(foersiktighetspolicy). The article notes that, when a choice is possible,
one should choose technical solutions that yield the lowest electrical and
magnetic fields.

Lars-Eric Paulson, researcher at SSI (The National Radiation Protection
Institute) stated: "We lack necessary research. When we started working two
years ago, we thought that research would yield limiting values, but this
couldn't be accomplished." Research did determine, however that, among the
approximately 70 Swedish children that get leukemia every year [out of a
population of about 9 million], one case is due to large electric power
transmission lines.  [Note: I'm unsure of the proper translation here. A
literal translation would use "depends on" where I wrote "is due to."  This
would seem to be a rather strong statement.]

Furthermore, about ten people per year get cancer because of "wandering
currents." I.e., electric currents that choose a path different than what is
intended, thus causing a doubled electric field: partially from the
wandering current and partially from the electric wiring.

The lack of a national policy has led to different approaches. For example,
Solna, a suburb of Stokholm, choose to run a major electric transmission
underground even though, as Lars-Eric Paulsson notes.  this wasn't
recommended on electric field suppression grounds.  However, Solna chose the
more expensive alternative because of social and psychological concern for
the residents in the transmission line's path.

According to SSI, no other country has set limits for electric and
magnetic fields. The value of 0.2 micro-Tesla has been used at times,
but there is no evidence that more intense fields are dangerous.

[Please excuse my clumsy translation.]

Martin Minow, (former resident of Solna)

Cleaning person inadvertently kills patients

"Michael D. Crawford" <>
Wed, 24 Jul 1996 23:27:06 -0700
I don't know if this is true, but it sounds plausible.
[Similar cases have been reported previously in the RISKS archives.]

<>From: Archie Russell <archier@gulag.CS.Berkeley.EDU>
<>"For several months, our nurses have been baffled to find a dead patient in
<>the same bed every Friday morning" a spokeswoman for the Pelonomi Hospital
<>(Free State, South Africa) told reporters. "There was no apparent cause for
<>any of the deaths, and extensive checks on the air conditioning system, and
<>a search for possible bacterial infection, failed to reveal any clues."
<>"However, further inquiries have now revealed the cause of these deaths.  It
<>seems that every Friday morning a cleaner would enter the ward, remove the
<>plug that powered the patient's life support system, plug her floor polisher
<>into the vacant socket, then go about her business. When she had finished
<>her chores, she would plug the life support machine back in and leave,
<>unaware that the patient was now dead. She could not, after all, hear the
<>screams and eventual death rattle over the whirring of her polisher.
<>"We are sorry, and have sent a strong letter to the cleaner in question.
<>Further, the Free State Health and Welfare Department is arranging for an
<>electrician to fit an extra socket, so there should be no repetition of this
<>incident. The enquiry is now closed."
<>from (Cape Times, 6/13/96)
<>BTW, the headline of the newspaper story was, "Cleaner Polishes Off

Mike Crawford

DMV security code breached at hospital in New Haven

Thu, 25 Jul 1996 09:47:40 -0400
A security employee at the Hospital of St. Raphael in New Haven apparently
disclosed a security access code (password?) for telephone access to DMV
records, supposedly to be used only to check records following accidents or
car breakins on the hospital campus, but of course providing access to all
DMV records.  The access code should not have been disclosed, and the
employee's code and all other hospital codes have been cancelled, pending
review.  [Source: *Hartford Courant*, 25 July 1996, PGN Abstracting]

Edward Fischer, Director, Information Systems, Post-Newsweek Stations, Inc.
3 Constitution Plaza, Hartford CT 06103   (860) 493-2522

Risks of Using VISA Cash in Atlanta

Heather Hinton <>
Thu, 25 Jul 1996 09:43:40 -0400 (EDT)
The following article was included in "The Globe and Mail", a Toronto,
Canada newspaper on Monday, July 22 (p.1, Section C):

>From Neil A. Campbell of the Globe's Olympic staff: "In an effort to be on
the cutting edge of the Games, one of my $20 bills was exchanged last week
for a $20 VISA cash card.  The Olympics are being used to hype this new
product, which is basically an Interac card without the PIN number.  Just
about everybody in Atlanta is supposed to be accepting VISA cash cards but
the $20 card is unblemished because the only merchant who knew anything
about it had a machine that wasn't working.  Colleague Jan Wong was able to
buy two coffees with her $5 card.  But VISA cash can't be combined with real
cash, so she is currently wandering Atlanta searching for something that
costs $1.44, including tax, so she can kiss off VISA cash forever."

from Heather Hinton,

More on computer systems and the Olympic Games

"Jose Reynaldo A. Setti" <>
Thu, 25 Jul 1996 09:52:39 -0200
Among all problems that are embarrassing the ACOG, some are really funny, as
the *Toronto Globe and Mail* reports today:

  Results were flowing faster yesterday, but the Info '96 database,
  which is supposed to provide biographical information to journalists
  and others, was still shaky. Biographies of many famous athletes,
  including U.S. long jumper Carl Lewis, were unavailable, and
  information on others was so poor as to call the whole system into
  question. Lisa Neuberger, a sailor who carried the flag for the
  Virgin Islands at the opening ceremonies, is listed as being 95
  years old. Sule Olaleye of Nigeria is the 125th-ranked table-tennis
  player in the world. It is no wonder he is so unaccomplished--the
  computer insists he is only 17 centimetres tall.

The risks of depending on computers is that they tend to make you older,
shorter and probably fat and bald, too.

Dr. Jose Reynaldo Setti, Universidade de Sao Paulo, Dept. of Transport
Engineering 13560-250 Av. Carlos Botelho, 1465, Sao Carlos, SP Brazil

Esoteric Encryption Risks

"-Broomell, Russ" <MARKETING/MARKETING/>
Thu, 25 Jul 96 09:43 EST
     While I'm not an expert in encryption, I have been following the
on-going discussions on increasing standards.  It seems to me that there's a
broader risk that we're ignoring.  It really hit home the other night...
     A friend and I were having dinner, and since he knows that I work with
computers for a living, he asked what I thought about taking customer orders
through his web site.  He had heard something about credit cards not being
secure and wanted to know what I thought.  I made the mistake of asking him
how he put handles computer security in general.
     He says that he uses the internet to send new product designs and costs
to and from his manufacturers.  If he feels they are *really sensitive* he
uses a disk compression program with password protection.  Then, for large
files, he has his *computer person* copy the files to a directory on his web
site - and he e-mails the location and password to the intended recipient.
 He *makes sure there's no link pointing to the file, so nobody can find it*
and then deletes it after the recipient has acknowledged receipt.
     The risk here is obvious - the discussion of 100+ bit encryption is
lost on this guy - he uses little or no encryption for data protection.
 Although maybe we can find a lesson here, that anonymity is still the best

More on the Ariane-5 Disaster

Jan-Peter Munk <>
Wed, 24 Jul 1996 09:46:38 GMT
Today (24 Jul 1996) here in Berlin, the local newspaper *Der Tagesspiegel*
published some facts from the final inquiry report about the Ariane-5
disaster on 4 Jun. This report was officially released on Tuesday, 23 Jul.

In accordance to the report the Ariane-5 crash was caused by a faulty
software.  37 secs after lift-off no information about present position and
course was available.  The data was to be delivered by a redundant set of
Inertial Reference Systems (IRS). But two of these platforms (subsystems)
failed. This failure was not(!) considered by the test software which ran
before the lift-off.

The official inquiry commission found out that the IRS was designed for the
preceding model, Ariane-4. That's why on 4 June 1996 a function was called
that was supposed to align the missing Inertial platforms.  But: This
function was not necessary for Ariane-5!  However, this alignment function
overloaded the computer, and as a result, the necessary data was not

"This [design, JPM] fault could have been discovered", Mr. Wolfgang Kubbat
(Darmstadt U of Technology) as a member of the inquiry commission was cited.
The vice chairman of the commission, Mr. Lennart Luebeck, emphasized the
demand for better and more realistic tests.

The president of the European Space Agency (ESA), Mr. Luton, said that
there won't be a discussion on the system architecture [of Ariane-5,
JPM]. He estimates a total cost rise for the program of about 2 to 4
percent (current state: 37 billion FF/ 11 billion DEM).

The next launch of a Ariane-5 is considered for spring 1997.

Jan-Peter Munk (student), Daimler-Benz AG, Research and Technology
Alt-Moabit 96a, D-10559 Berlin

  [BTW, The brief quote cited in RISKS-18.27 by Pat Lincoln
  was followed in the full text by this:

    > The extensive reviews and tests carried out during the Ariane
    > 5 development programme did not include adequate analysis and
    > testing of the inertial reference system or of the complete flight
    > control system, which could have detected the potential failure.

    > Despite the series of tests and reviews carried out under the
    > programme, in the course of which thousands of corrections were
    > made, shortcomings in the system approach concerning the
    > software resulted in failure to detect the fault.  It is stressed that
    > alignment function of the inertial reference system, which served
    > a purpose only before lift-off (but remained operative afterwards),
    > was not taken into account in the simulations and that the
    > equipment and system tests were not sufficiently representative.


Re: Western power outages (Pettit, RISKS-18.27)

Mark Stalzer <>
Wed, 24 Jul 1996 10:16:22 -0700
Tracy Pettit wrote an interesting piece in RISKS-18.27 on the US power grid
and it vulnerabilities. I want to take issue with one point however, namely
that setting electricity rates in a market will lower reliability.  [...]

I think a market based approach might let us discover a better balance
between cost and reliability. The bond market is a good analogy, the cost of
US treasuries for a given rate is higher than corporate bonds since people
are willing to pay more for the reliability of government bonds (please, no
laughing). Similarly, many consumers of electricity (municipal distributors)
will probably be willing to pay a bit more for power from a utility that has
a good reliability record. Others might go after the cheapest power
possible, even with outages, to perform tasks that are not time critical
like pumping water into a reservoir or charging electric cars.  You might
get an increase in reliability if redundant networks of different grades of
power start to appear. The overall impact on reliability is difficult to
say, but it might actually improve.

Mark Stalzer,

Re: Western power outages (Pettit, RISKS-18.27)

Wed, 24 Jul 96 17:39 EDT
The Massachusetts Department of Public Utilities is currently undergoing a
comment period regarding their proposed rulemaking on unbundling electric
producers from transmission companies.  If you act quickly you can get your
comments submitted in a timely fashion.

The brochure they had inserted in my electric bill says "The CPU will work
to ensure that the new system will be as safe and reliable as the current
structure." Where I live (fairly rural town), I estimate that the electric
service is about 99% reliable; i.e., about 8 hours downtime/year.  Not so
good.  While most outages are fairly short (~1 hour), each year we seem to
get a major outage (~6 hours).  Thus, I own a rather large generator, and I
do use it.  It is my understanding that most of our outages are
transmission-related and are due to weather or motor vehicle accidents.

The proposed rules are online at "".

The public comment period ends on August 2, 1996.  The E-mail address
for comments is:  "".

The postal address for comments is:
     Mary Cottrell, Secretary
     RE: DPU 96-100
     Department of Public Utilities
     100 Cambridge St
     Boston, MA 02202 USA

Paul Green, Sr. Technical Consultant, Stratus Computer, Marlboro, MA.

Re: the complexity of everyday life (Norman on Tenner, RISKS-18.27)

"Scot E. Wilcoxon" <>
Tue, 23 Jul 1996 22:58:15 -0500
>The main emphasis is on the unintended side effects of human introduction
>of items alien to the culture or environment

Keep this in perspective.  The complexity of everyday life in developed
countries is much simpler than the complexity of everyday life for Man in
the wild.  Without our technology, we would spend a lot of time fending off
our natural environment (including germs, lice, and predators) and feeding
ourselves (hope for global temps to rise to normal so there's more food and
more large animals to hunt).

Scot E. Wilcoxon

Re: the complexity of everyday life (Norman on Tenner, RISKS-18.27)

"Bryan O'Sullivan" <>
Tue, 23 Jul 1996 17:45:54 -0700 (PDT)
RISKS of books about RISKS?

In RISKS-18.27, Don Norman recommends Edward Tenner's "Why Things Bite Back"
as a fine book on the unintended consequences of technology.  While I am
inclined to agree that it makes a diverting light read, I would not commend
it for serious perusal.

As Caitlin Burke's review of this book (which may be found at makes clear, Tenner is somewhat confused by his
subject matter, and is prone to undermining his own points through the
lightweight treatment he devotes to them.  [Caitlin Burke <>]

The most notable instance of this she cites is Tenner's coverage of
Post-Traumatic Stress Disorder (PTSD).  Tenner suggests that the improved
ability of the military to treat wounded soldiers and return them to service
was a major factor the high incidence of PTSD, making no mention of much
more important issues such as the nature of the training soldiers received,
their youth, or disapproval of the war "back home".

While Tenner's proclivity towards undermining the ironies he seeks to expose
through the introduction of unintended ironies of his own is unfortunate,
his book is an enjoyable, and largely (even studiously) uncontroversial,
romp.  One final caution is, however, in order: "Why Things Bite Back"
focuses much more on biological issues than on those relating to computers,
and as such may not provide substantial grist for the mills of RISKS

Please report problems with the web pages to the maintainer