The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2 Issue 38

Wednesday, 9 Apr 1986

Contents

o The UK Driving Vehicle Licensing Centre
Brian Randell
o Computer crime wave
Chris Hibbert
o Programming productivity
Herb Lin
o Request for information about military battle software
Scott E. Preece
o Aviation Week Technical Survey: AI & Aviation
Werner Uhrig
o Info on RISKS (comp.risks)

The UK Driving Vehicle Licensing Centre

Brian Randell <brian%cheviot.newcastle.ac.uk@cs.ucl.ac.uk>
Tue, 8 Apr 86 12:03:45 gmt
Several newspapers and magazines here have carried stories about
the alleged activities of hackers regarding the Driving Vehicle Licensing
Centre - a very large computer system that has received much bad
publicity in the press and in parliament over the years because
of cost over-runs and delays.
Here is a sample, from  the April 1986 glossy journal "Business":

  "Computer hackers have been running a brisk racket "cleaning up" the
  driving licences of wealthy business men. For a charge of [pounds] 100
  a point endorsements have been erased from the files of the British
  Government's Licensing Centre at Swansea and its supposedly impenetrable
  computer ordered to issue new licences. Drivers who accumulate 12 penalty
  points within 3 years are liable to ban or disqualifications. Reckless
  driving, for instance, attracts 10 points; failing to stop after an accident
  5.9 points; drunken driving 10 points (plus a 12 months disqualification).
  Drivers' records at Swansea are held on the Department of Transport's
  3081 Model G mainframe, whose manufacturers, of course, are not responsible
  for its customers security procedures. About a year ago, an access code
  number appeared on at least four "bulletin boards" - informal computer
  games and information exchange facilities set up and used by home computer
  enthusiasts (not in this instance mischevious schoolboys).
  "I am not suggesting the number on the board was that of the DVLC", says a
  source, "but it gave you access to a database with levels of password
  protection. It was obviously a secure system and was related to DVLC
  because the name headed the file. The access was not very privileged
  but knowing the procedures allowed priority in the system and enabled you
  to eliminate endorsements and order new licences to be issued."
  Amendments to the DVLC mainframe were automatically carried through to
  the back-up records kept on magnetic disc storage."

Such stories have inspired denials from the DVLC - for example in Datalink:

  "The Driving and Vehicle Licensing Centre in Swansea has denied press
  reports that computer hackers have broken into its database and wiped
  traffic offenses off driver records.
  The DVLC, which employs 1500 staff in a computer centre running a variety of
  kit including two IBM 3083s, is adamant that its system is secure from
  outside interference. "We have no dial-in facility, there's no electronic
  access at all from off-site," a spokesman said.

Some 160 programmers work at the DVLC, and the spokesman admitted that
officials are "looking at internal arrangements" to see whether files have
been amended in return for payment."

My cynical view is that from most other sources such a denial would be
immediately accepted, and indeed it may well be true. However the thought that
such record tampering just might be going on, and so allowing banned drivers
back onto the roads, is a worrying one.

Cheers, Brian Randell - Computing Laboratory, University of Newcastle upon Tyne

  ARPA  : brian%cheviot.newcastle@ucl-cs.arpa
  UUCP  : <UK>!ukc!cheviot!brian
  JANET : brian@uk.ac.newcastle.cheviot


computer crime wave

<Hibbert.pa@Xerox.COM>
Wed, 2 Apr 86 10:53:29 PST
There was an article in the March 31, 1986 edition of the Washington
Post's National Weekly Edition titled "The Computer Crime 'Wave': It's
more politician's bark than our byte".

After an initial few paragraphs in which the writer reminded us that
"national commissions that are set up to study and report on This Trend
or That Issue always end up concluding that the trend/issue in question
is a bigger national problem than anybody ever imagined", the article
reported on the "First Annual Statistical report" from the National
Center on Computer Crime.

"Over a two year period, the national center surveyed 130 prosecutor's
offices in 38 states and asked how many computer crimes each office had
encountered. ...  The national center's survey of prosecutors came up with a
grand total of 75 reported 'computer crimes.'  Even that minuscule number,
it must be noted includes some infractions that can only be classified
'computer crime' if you stretch the language considerably.  One reported
case involves ... a county prosecutor ...  who got a friend in the motor
vehicle department to delete two speeding tickets from his driving record.
This is labeled 'computer crime' because the record was on a computer tape...

In short, this first national census says that 'computer crime,' by any
stretch of the definition, is a statistically minute phenomenon.  The antics
of a few hackers have garnered grossly disproportionate attention from the
media and the law-enforcement community.  So-called 'computer crime' is
novel and exciting, so it's hardly surprising that even a few cases would
attract considerable notice.

But Legislators around the country are acting as if there really is a
'computer crime' problem.  The center's study shows that 22 states
passed new 'computer crime' legislation in the past two years. ..."

Chris


Programming productivity

<LIN@XX.LCS.MIT.EDU>
Sun, 6 Apr 1986 23:45 EST
    From: ihnp4!utzoo!henry at seismo.CSS.GOV

    I went and re-read Terry Winograd's old "Reactive Engine" paper.  He
    comments, roughly: "If, by decree of God or ARPA, we were only allowed
    to run one user at a time on the PDP-10, just think of all the effort
    that would be invested in making that one user's time productive."
    Despite the enormous increases in computing power available to
    individual users since then, that has not happened: much of that extra
    power is simply being thrown away.

True enough.  But why do you think that large amounts of effort
invested would necessarily improve productivity?  Despite long
practice, for example, people can hold only a few ideas simultaneously
in short term memory.  There are mnemonic aids available, but they
don't enable someone to do hundreds of times better.

I use this analogy because there is some evidence that limitations
on short-term memory account for a variety of cognitive limitations,
among which may be programming.  Ultimately, it may the limitations of
the human mind that prevent us from forever expanding our achievements.

    How many programmers, even ones working on life-critical software like
    airliner flight control or fiercely difficult problems like
    ballistic-missile defence, have the kinds of electronic and human
    support that these thoughts suggest are possible?

That's easy.  Not many.  Indeed, military software procurement is by
all accounts an utter mess.


Request for information about military battle software

Scott E. Preece <preece%ccvaxa@gswd-vms>
Mon, 7 Apr 86 09:43:05 cst
> [Parnas, quoted by Dave Benson]

> The other members of the SDI advisory panel that David Parnas was on
> and other public figures have said "Why are you so pessimistic?  You
> don't have any hard figures to back up your claims."  Parnas agreed
> that he didn't have any until he thought of the only one that he
> needed: ZERO.  ZERO is the number of real systems that were trustworthy
> at first use.  ZERO is the number of real systems that met unknown
> requirements at first use.  ZERO is the number of prototyped systems
> that worked at first use.  ZERO is the number of simulated systems that
> worked at first use.  ZERO!
----------
There are two essential, undefined terms in this statement: "first use"
and "worked".  The shuttle Enterprise, for instance, worked the first
time they dropped it from its carrier 747.  Was that its "first use", or
do you count the many hours of simulation preceding that first flight?
I wasn't there and have no idea whether there were bugs that showed up,
but they clearly didn't keep the test from succeeding.  Is that
"working"?

The trouble with a debate like this is that it tends to force people
more and more into idiotic dichotoomized positions.  SDI software would
obviously be a huge challenge to produce and validate.  I have no hope
it would work perfectly the first time used; I have no reason to believe
it wouldn't work partially the first time it was used.  The question of
how perfectly it has to work is the central one.  All the reports I've
seen on both sides, including Parnas's essays, are hand waving.  The
task is too ill defined to be making statements about whether it can be
done.  The debate is silly.  If you build the thing, you don't trust
your security to it until you have been damned well convinced that it
works; I am unwilling to accept the statement that "You can never be
convinced that it works," when daily we all trust our lives dozens of
times to things that we have been convinced work.  There are plenty of
good and, I think sufficient, arguments for not building SDI without
claiming that it can't be done.

--
scott preece
gould/csd - urbana
ihnp4!uiucdcs!ccvaxa!preece


Aviation Week Technical Survey: AI & Aviation

Werner Uhrig <CMP.WERNER@R20.UTEXAS.EDU>
Tue 8 Apr 86 11:06:41-CST
[ I am sure, readers of AVIATION and RISKS are interested also;
  for somewhat different reasons, of course ....        ---Werner ]

                ---------------

Date: Wed 26 Mar 86 09:08:28-PST
From: Oscar Firschein <FIRSCHEIN@SRI-IU.ARPA>
Subject: Aviation Week Technical Survey


AILIST readers might be interested in the following:

Aviation Week and Space Technology, Feb. 17, 1986 has a technical
survey of artificial intelligence, mostly applied to military
applications.  Included are the DARPA-supported programs in Pilot's
Associate and the Autonomous Land Vehicle (ALV) and the VLSI lisp
machine being built by Texas Instruments.

Company profiles include McDonnell Aircraft's work in the Pilot's
Associate and avionics maintenance expert system; Boeing's AI Center;
MITRE's work in natural language understanding; Grumman's decision
support systems; Hughes AI center; and Westinghouse avionics
troubleshooting expert system.

Please report problems with the web pages to the maintainer

Top